General
- Target: file.exe
- Size: 3.3MB
- Sample: 230221-ncjhmaee87
- MD5: 69df9998a42524225a5b25d2e8a5bd79
- SHA1: 08d01a8d0a17b6d565eeb38e003a79cda4608ab2
- SHA256: 1bf1a0cbe61b5693903760d0bff9c3cb53a7c43061437e367b19a77b55aaadfa
- SHA512: 5b5760e2de414e6fe18df95553b5a1046a613b11252585e35667b804ff06ece7cc210a366509fbf9fb606dd8b5cddd4b613b8d7b70aef431c1241b3dc256d790
- SSDEEP: 49152:9es+BvKs6POj/T3K2Umsv/kd2BEmgNVfDdv3n9RIZqpCatWuOnqdEb+RPz:ksOFVrTa2E/VEmgNVfDx3nTTrEbQPz
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20230220-en
Malware Config
Extracted: vidar
- 2.5
- 813
- profile_id: 813
Extracted: raccoon
- 960d8047e2829c4b87de991d706e2490
- http://94.142.138.37/
Targets
- Target: file.exe, 3.3MB (hashes identical to those listed under General)
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.