General
-
Target
Setup.exe
-
Size
451KB
-
Sample
230216-tx3pwsab91
-
MD5
8a1ecc6285229de387aefc6c5d3fc6e3
-
SHA1
0f2232abd9f6fbe0c29aa0a9c2c93f4532d89f9a
-
SHA256
1e1a94b620ca832df3db9166c3cdb3e2e4da334c04ed6301a7da4ecea586bb12
-
SHA512
358a85c458a36530d7741bd31b368cd676d7913cc02978addd25f868f5cc6a64bdc23e16c9586e76440e84d6151bb74a6e5ec514f8321ae7312d456f4a3fbd1a
-
SSDEEP
6144:MUGCyZKR2xcdgN8BMStlQfAk/X0DfU/8utzIPrdWspxFoZDf820w7/6Fip6y/OMW:MUGCp7e82fZPMfq3tzWdvoZL92fMBg
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7-20220901-en
Malware Config
Extracted
vidar
2.5
408
-
profile_id
408
Targets
-
-
Target
Setup.exe
-
Size
451KB
-
MD5
8a1ecc6285229de387aefc6c5d3fc6e3
-
SHA1
0f2232abd9f6fbe0c29aa0a9c2c93f4532d89f9a
-
SHA256
1e1a94b620ca832df3db9166c3cdb3e2e4da334c04ed6301a7da4ecea586bb12
-
SHA512
358a85c458a36530d7741bd31b368cd676d7913cc02978addd25f868f5cc6a64bdc23e16c9586e76440e84d6151bb74a6e5ec514f8321ae7312d456f4a3fbd1a
-
SSDEEP
6144:MUGCyZKR2xcdgN8BMStlQfAk/X0DfU/8utzIPrdWspxFoZDf820w7/6Fip6y/OMW:MUGCp7e82fZPMfq3tzWdvoZL92fMBg
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-