General

Target: file.exe
Size: 4.4MB
Sample: 230322-wgaqaaae27
MD5: 675cf5e68a94031fbb6872b9600573fe
SHA1: aa8de434e04f018bdb9329764629418ffa445c32
SHA256: 249505e3a21c6f73f7e898c02375517a4cf7b40cf75bfcb7e581b6eecc562731
SHA512: 0c7109fb24655f0fa2f7e80cbc961221c28f2fa07517b9967c38db36a968121a1cafddebee59a2c9e65163396edc7a7af3613d3c8f68ca6ac31e65152dc26664
SSDEEP: 98304:N+QOGdd5Of4u8+Ws1+zIat5NW2bKfDQuddK+Dh9DigDq94k7LO:4QVdi8ts1+zU2bKfEudUaigD04k7LO
Behavioral task

Task: behavioral1
Sample: file.exe
Resource: win7-20230220-en (Windows 7 analysis image)

Malware Config

Extracted family: vidar
C2 / dead-drop URL: https://steamcommunity.com/profiles/76561199472266392

The URL is not the C2 itself. Vidar resolves its real C2 address at run time by fetching a profile page on a legitimate platform (here a Steam Community profile) and reading the address from the profile, so the profile acts as a dead-drop resolver; block or monitor the profile URL, but expect the actual C2 to change without the binary changing.
Targets

Target: file.exe
Size: 4.4MB
Hashes: identical to the General section above (MD5 675cf5e68a94031fbb6872b9600573fe, SHA256 249505e3a21c6f73f7e898c02375517a4cf7b40cf75bfcb7e581b6eecc562731)
Signatures

Checks computer location settings: looks up the country code configured in the registry, most likely a geofence that makes the stealer exit on locales the operator wants to avoid.
Loads dropped DLL: a DLL written to disk during the run is subsequently loaded; with this family that is usually the set of libraries the stealer needs to read and decrypt browser credential stores.
Accesses cryptocurrency files/wallets: reads wallet files and wallet-related data, consistent with credential harvesting.
Checks installed software on the system: enumerates the Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and the Wow6432Node equivalent) to inventory installed software.
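As an added example (not part of the sandbox report and not code from the Vidar sample), the following Python script turns this flattened key/value dump into a structured IOC record, validates that each listed digest has the length and character set its algorithm requires, checks a local file's bytes against the listed digests, and pulls the hostname out of the extracted config URL. The report text embedded in the script is a trimmed copy of this page; the bytes checked at the end are constructed and are not the sample.

```python
import hashlib
import re
from urllib.parse import urlparse

# Constructed input: the report text from this page, trimmed to the General
# hashes, the extracted config and three signatures; "-" lines are separators.
REPORT = """\
General
-
MD5
675cf5e68a94031fbb6872b9600573fe
-
SHA1
aa8de434e04f018bdb9329764629418ffa445c32
-
SHA256
249505e3a21c6f73f7e898c02375517a4cf7b40cf75bfcb7e581b6eecc562731
-
SHA512
0c7109fb24655f0fa2f7e80cbc961221c28f2fa07517b9967c38db36a968121a1cafddebee59a2c9e65163396edc7a7af3613d3c8f68ca6ac31e65152dc26664
-
SSDEEP
98304:N+QOGdd5Of4u8+Ws1+zIat5NW2bKfDQuddK+Dh9DigDq94k7LO:4QVdi8ts1+zU2bKfEudUaigD04k7LO
Malware Config
Extracted
vidar
https://steamcommunity.com/profiles/76561199472266392
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
"""

SECTIONS = {"General", "Malware Config", "Targets"}
SCALAR_KEYS = {"Target", "Size", "Sample", "Resource", "Behavioral task",
               "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP"}
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SSDEEP_RE = re.compile(r"^\d+:[A-Za-z0-9+/]+:[A-Za-z0-9+/]+$")


def parse_report(text):
    """Turn the flattened dump into {'meta', 'hashes', 'config', 'signatures'}."""
    rec = {"meta": {}, "hashes": {}, "config": {"family": None, "urls": []}, "signatures": []}
    section = None
    for chunk in re.split(r"^-$", text, flags=re.M):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        i = 0
        while i < len(lines):
            ln = lines[i]
            if ln in SECTIONS:
                section = ln
            elif ln in SCALAR_KEYS and i + 1 < len(lines):
                bucket = rec["hashes"] if ln in HEX_LEN or ln == "SSDEEP" else rec["meta"]
                bucket.setdefault(ln, lines[i + 1])  # first wins: Targets repeats General
                i += 1
            elif section == "Malware Config" and ln != "Extracted":
                if ln.startswith(("http://", "https://")):
                    rec["config"]["urls"].append(ln)
                else:
                    rec["config"]["family"] = ln
            elif section == "Targets" and i == 0:
                # A chunk not opening with a key is a signature; the rest is its description.
                rec["signatures"].append({"name": ln, "detail": " ".join(lines[1:])})
                break
            i += 1
    return rec


def validate_hashes(hashes):
    """List malformed or missing digests; an empty list means all well-formed."""
    problems = [alg + " missing" for alg in HEX_LEN if alg not in hashes]
    for alg, n in HEX_LEN.items():
        if alg in hashes and not re.fullmatch("[0-9a-f]{%d}" % n, hashes[alg]):
            problems.append(alg + " malformed")
    if "SSDEEP" in hashes and not SSDEEP_RE.match(hashes["SSDEEP"]):
        problems.append("SSDEEP malformed")
    return problems


def matches_report(data, hashes):
    """True only when every digest the report lists matches the local bytes."""
    present = [a for a in HEX_LEN if a in hashes]
    return bool(present) and all(
        hashlib.new(a.lower(), data).hexdigest() == hashes[a] for a in present)


def dead_drop_hosts(rec):
    """Hostnames of the extracted config URLs (here a legitimate platform)."""
    return sorted({urlparse(u).hostname for u in rec["config"]["urls"]})


if __name__ == "__main__":
    rec = parse_report(REPORT)
    print(rec["hashes"], validate_hashes(rec["hashes"]) or "all digests well-formed")
    print("dead-drop hosts:", dead_drop_hosts(rec), [s["name"] for s in rec["signatures"]])
    print("local bytes match report:", matches_report(b"not the sample", rec["hashes"]))
```

Each digest is kept on first sight, so the repeated hash block under Targets cannot silently override General if the two ever disagree. The SSDEEP value is checked for shape only (block size and two base64-style blocks); comparing fuzzy hashes to a local file needs the ssdeep library and is out of scope here.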