General
Target: 4c9fdfbf316f37dbcc7314e5641f9a9a.exe
Size: 325KB
Sample: 230214-lz275sbg9v
MD5: 4c9fdfbf316f37dbcc7314e5641f9a9a
SHA1: 7fa01df0e5420f9e5b69486550460e839fd0f3a3
SHA256: e661e53f429cd22e30ca6fb368f3e011e76264892f4e718c75cb3636f4f2e611
SHA512: b22c60d27ed5457677645a2b8669cd1958cc18a021e19dcf1d1a3a88ed63cd4eb749b1fe8798f651dcc5595d019ceb3cb38eae7a07ab73098eee502dbee5c32b
SSDEEP: 6144:UmC+z5Dhwsy3xYwmHDnPyCeJNNgHX3v/MNuzY0L2ijcPqhLLpOYTr0ZVSEGxzkWy:U9iwsy3uRTaLRWX3v/MNb0l7RXH0sxzt
Static task: static1
Behavioral task: behavioral1
Sample: 4c9fdfbf316f37dbcc7314e5641f9a9a.exe
Resource: win7-20221111-en
Malware Config
Extracted: vidar
Version: 2.5
19
profile_id: 19
Targets
Target: 4c9fdfbf316f37dbcc7314e5641f9a9a.exe
Size: 325KB
MD5: 4c9fdfbf316f37dbcc7314e5641f9a9a
SHA1: 7fa01df0e5420f9e5b69486550460e839fd0f3a3
SHA256: e661e53f429cd22e30ca6fb368f3e011e76264892f4e718c75cb3636f4f2e611
SHA512: b22c60d27ed5457677645a2b8669cd1958cc18a021e19dcf1d1a3a88ed63cd4eb749b1fe8798f651dcc5595d019ceb3cb38eae7a07ab73098eee502dbee5c32b
SSDEEP: 6144:UmC+z5Dhwsy3xYwmHDnPyCeJNNgHX3v/MNuzY0L2ijcPqhLLpOYTr0ZVSEGxzkWy:U9iwsy3uRTaLRWX3v/MNb0l7RXH0sxzt
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext