General
- Target: file.exe
- Size: 3MB
- Sample: 230221-neacqsee96
- MD5: 16274daca70d541c57399c2156360124
- SHA1: 4e5790cb7dbb3714d26140bd319410a90352c340
- SHA256: c0bfc01fc145322a9194eb2ca9d75285312805b577bcf8e6ca510d59389f4ab3
- SHA512: ecb87230f114d88c0adf791b32d682a97841991274e7654cd498420dc8da61e90738a04e757c3c08cf99df777e5486e4576f94157956f8ce0aba67c8e703cc53
- SSDEEP: 98304:6CDrrzdb8PIJOvYWrn/LjdPUmTgebZ9X2IXd0v:zDvzdwgJhWrdxtbZl
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20230220-en
Malware Config
Extracted: vidar
- 2.6
- 813
- profile_id: 813
Extracted: raccoon
- 960d8047e2829c4b87de991d706e2490
- http://94.142.138.37/
Targets
- Target: file.exe
- Size: 3MB
Signatures
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.