Overview
overview
10Static
static
1Canva Pro/...on.dll
windows10-2004-x64
1Canva Pro/...er.dll
windows10-2004-x64
1Canva Pro/...er.dll
windows10-2004-x64
1Canva Pro/...ce.dll
windows10-2004-x64
1Canva Pro/...in.xml
windows10-2004-x64
1Canva Pro/...ls.xml
windows10-2004-x64
1Canva Pro/setup.exe
windows10-2004-x64
10General
-
Target
Canva Pro.zip
-
Size
11.8MB
-
Sample
230222-ek6tfsbe9x
-
MD5
55ed6b10745acf1f76cef271b03c51e1
-
SHA1
5fc890bbc622630ceb3c5b493e06e0600735790e
-
SHA256
37527c641bc91bae5fdba37aa6fb8c3152c5935ceffdca4299071775dae589ce
-
SHA512
f8699fa65ab6a5fce9c52f4bbe3d12822a2b676aa14a9f0161d7ea99506227c059042435a02c989a185b6d15e0e7fac3ce315cf142a6f479559ae68a6c687d99
-
SSDEEP
196608:4bIJzPbmyjUluAR93/N78qWaZ2w889l4WocPv/MP3L+6WQholEM2S+LaaM4:4khK6UD31caZp8o/ocPv/f6WQhYcaE
Static task
static1
Behavioral task
behavioral1
Sample
Canva Pro/Data/Debug/Addition.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral2
Sample
Canva Pro/Data/Debug/Cracker.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
Canva Pro/Data/Debug/Helper.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral4
Sample
Canva Pro/Data/Debug/Resource.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
Canva Pro/Data/Packaged/Main.xml
Resource
win10v2004-20230221-en
Behavioral task
behavioral6
Sample
Canva Pro/Data/Packaged/Utils.xml
Resource
win10v2004-20230220-en
Malware Config
Extracted
vidar
2.6
408
-
profile_id
408
Targets
-
-
Target
Canva Pro/Data/Debug/Addition.dll
-
Size
30KB
-
MD5
f22e849a370cdf127f48beab596bdd81
-
SHA1
fb1da47c7a246f2cda7f7686a468efafd9933b1e
-
SHA256
8be1f5581437b6f5ba48705e8956c8bc0765bbd1d6053242640c75bd94048aa9
-
SHA512
6ded81fe4d4db69586d74fdb425c4fc8c092508e7e0b49eb141a9045abf40626d14659fa6237a3920e58571ca7acf4911cdf03c4307fd89b6dc5e54172afbc14
-
SSDEEP
768:Fol18SuOO3bBAughXjNPQsXVjWuu7jqWdTS2gS:er6tAugVjN4sXJYjqWdm2V
Score1/10 -
-
-
Target
Canva Pro/Data/Debug/Cracker.dll
-
Size
56KB
-
MD5
404aacc737a9d30147d30cee6be0abba
-
SHA1
5f49b9197d73b53eb3473c80a6f25dc068421baf
-
SHA256
3eec59d6aa2a45e368b99d09bcedf228290656a88de8a09ccc91867ab71f228c
-
SHA512
eb3716304571727d3134da4da46c5c91276afa20f5da26f2b89cc0cdc19f98592322b5e85fdc6a36e51636298ffac456a9057ed7d10c17e4955c4307cb933f20
-
SSDEEP
384:poaSsZTSyPG0TLMU9mCzkcu/b49Pji7iJI5TZCP56vS1a+dYUFv8WTa:W1yR8U9mCzkcu/8V2iP56v/+G0a
Score1/10 -
-
-
Target
Canva Pro/Data/Debug/Helper.dll
-
Size
189B
-
MD5
9bb9aba5dd893bbccfa45e2d75d55d26
-
SHA1
5714796513341ac3159a6a3c23d4769209063d35
-
SHA256
6b325cadd8992d998c4fbc8ed56079c2850b68ea2d38432d51c26ce82b0a5419
-
SHA512
f57df9a4a02bd17772acb3ac1a0d961c53f6940600b58834ae38c198a98ae651a21b382450b267aeffbca4ab262668ae471a78ed99bf9dfa414c1316056a289b
Score1/10 -
-
-
Target
Canva Pro/Data/Debug/Resource.dll
-
Size
10.7MB
-
MD5
641dadbb3f03938da99bf7c6c4cc482f
-
SHA1
b21bdb69a17642ade8e62fcbd779ff1bc89ea809
-
SHA256
883aefb081a1f9ef974ceb16e12c215e92fee13531c052279404bd11b2f8e479
-
SHA512
7aea5f0db9b261a17801124d6eef0df2d3ada4a6f624c8f4f2ee519a61171a3f06de9032493e3309a1a982fd1218613dde73a942942df2a8ec367e7f66a531f5
-
SSDEEP
196608:8B4DNtjVoWhIdAXplnpnh4uIKZ2K245peMKU3lRM9RVIO+QvSNG2uM+XGE4:04vWGIun1GKZ/2aZKU3lRvO+QvQgGP
Score1/10 -
-
-
Target
Canva Pro/Data/Packaged/Main.ini
-
Size
1KB
-
MD5
7b53ebd64e5781e02eaefb6739a6b556
-
SHA1
d5332b200cf5dcea0419afdb66a15d89b9eb619f
-
SHA256
b975c9251ef7394dcc69f49e54dc5aa5e8df32f9b5e8c687484ddd840eb94d20
-
SHA512
c4a25c07e19760547e91818ba6e9ec3fe89206c29429668731c7563b7407cb56d8c0adca519bf96dc82a1631e82cfe63b68439cad4102ea2a1df438bac8400fd
Score1/10 -
-
-
Target
Canva Pro/Data/Packaged/Utils.dll
-
Size
1KB
-
MD5
73e051427246dd4ca45935b1a4bd7e2d
-
SHA1
7216f05041252f1c3a9d84aacdf84ef62f1a1045
-
SHA256
b7b8b412ab1e4f32da8a7cd42aeaa6e7d8d340cf14977d3e87f7d8f5eb689b0f
-
SHA512
3fc10dea91962244389214d189c141466f5630e99b01af5761738ce884df14050cd08a43802dc45bbe9117290c34143b85a75694b6301954b51972180dca1e36
Score1/10 -
-
-
Target
Canva Pro/setup.exe
-
Size
761.7MB
-
MD5
52e16b1e21fbafd5d7fe8b61ff3e7159
-
SHA1
cf11ccd4ccfff1d14f2525e12b1f19dd51aaa191
-
SHA256
0d94204c940cc218d21c1f10b7d77477a0cf932278a356279d23dafc44c923e2
-
SHA512
624b8a5138b5edaa2e811b64dbe7ab62e561172ef0bca38e11472c39ab534302a844fc5036669a8138f6b5138661e7b3bf744927d8952941d36886bd401edbec
-
SSDEEP
12288:NdBCCL9DFn7TvTswnmsyzNkv4Yp2yYiL39h:NdBCCL9DF7Trswcw4k24h
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-