General
Target: vdr.exe
Size: 1.1MB
Sample: 230319-bzmscagd8z
MD5: 2217ee9707ae2b8c5798935eff36902e
SHA1: 7751f7ce4f3e2d2d7aafa298d48408758482d26d
SHA256: ea9340574989e4082b2056d8eee9c80c35bdff64c2609dd2e4c7311d5bbab698
SHA512: d8006161b01e11cf741123c60cc52e8b7095de862dacbeb5eb0d4cabbfe43d97161ef72433a2cbe97052e6f7b7cf33813794caa9fafdff0c5be888a01a4d93ab
SSDEEP: 24576:Ozvhbkfiq1URLTdRy6PFFqtj9eKlG/HTZOJrILl:u5bkiq1Upr2tj9XlGERAl
Static task: static1
Behavioral task: behavioral1 (Sample: vdr.exe, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: vdr.exe, Resource: win10v2004-20230220-en)
Malware Config
Extracted
Family: vidar
Version: 3
Botnet: 3952bbf0d90985abbacaa568c51913e2
C2:
  https://t.me/zaskullz
  https://steamcommunity.com/profiles/76561199486572327
  http://135.181.87.234:80
Attributes:
  profile_id_v2: 3952bbf0d90985abbacaa568c51913e2
Targets
Target: vdr.exe
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext