General
-
Target
file.exe
-
Size
368KB
-
Sample
230217-qcmldsfa4w
-
MD5
3cf860c04441652062810209fc5d0646
-
SHA1
7e7a428fa5900a23378f124576c9e3eaddcd0712
-
SHA256
1412834388380f678cedd1859951adef8bd6de45dad85373c0ca447ed99ab66c
-
SHA512
0bb65c317a3189906e1d8dea0b8e5efaf8cb2268c9b804e8d82223b98afab27a5252408a5d935147f8342bf7ecc2efafa2188b4ce50554682f2dda0325569538
-
SSDEEP
6144:7KpfzMTkFpYnOOeV4mR+OO83puRqHMFatWMYwzbkL2U5dCkJR:7KpfYTkFNv8H83w0MFatTJYLNj
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Malware Config
Extracted
vidar
2.5
813
-
profile_id
813
Targets
-
-
Target
file.exe
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-