General
Target: Setup.exe
Size: 463KB
Sample: 230221-elyjgade93
MD5: dcd26511183f2d7eb30678661a88b765
SHA1: 37157d94c22ddb5be80fb164fab68faede2711e6
SHA256: 8f0d2909498e32a88ea7a3873958edd5456e0d9d3e766ce7c8bcc303f67d8984
SHA512: 2bcdd37f94e3bddecaa27bb7abae837e3618debd9c91262d843b53d97e3f2f485ba586b3f7838da85a53ffa7d0887cfd496b87e366202073a7fcc233c355ba3d
SSDEEP: 12288:LscjpZYrzMP41INt4WxGaZG3oBHgOmZndxwUnM:LscVZYD1iGWxZiQcrxHM
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20230220-en
Malware Config
Extracted: vidar 2.5 (profile_id 408)
Targets
Target: Setup.exe
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext