General
Target: file.exe
Size: 1.7MB
Sample: 230323-nat7cafc27
MD5: 6879c0e92290ed7a0e289cc3aaedc855
SHA1: 142ec4479eab773d71ef7b2a76425c039b45fc1b
SHA256: 7cf4bbf990447d72bd9d0ba0a19d824f8b598b4a8759cec8e53f92c2db9a221b
SHA512: 99b9339c3db036c30146057caaf15e3b4b3aaacb82123802af677406aaa5646ece4c9349daa97faff2d740b43bf19b0dfe39d492cdf7d1af19c41ce0959dbacd
SSDEEP: 49152:oylp0eRr/wxlEr1k68gUOGWVwEEEEGoqFdC8:oyJRr/Qi1kpR1WVwEEEEGoqFd3
Static task: static1
Behavioral task: behavioral1 (sample file.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample file.exe, resource win10v2004-20230220-en)
Malware Config
Extracted
Family: vidar
Version: 3.1
Botnet (profile ID): ba1fc89d9f7df84dadf34886aabb246c
C2:
https://t.me/owned001
http://65.109.236.2:80
https://t.me/tabootalks
https://steamcommunity.com/profiles/76561199472266392
http://135.181.26.183:80
Attributes:
profile_id_v2: ba1fc89d9f7df84dadf34886aabb246c
Note: the t.me and steamcommunity.com entries are public profile pages that Vidar reads to obtain its current C2 address (dead-drop resolvers), so treat them as indicators of the resolver mechanism rather than as C2 servers themselves. The two IP:80 entries are the direct C2 endpoints recovered from this sample and can change between samples or over time.
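The following Python script is an added example and is not part of the sandbox report or of the service that produced it. It parses the flattened hash and "Malware Config" fields above into structured IOCs, separates the public dead-drop resolver pages from the direct IP C2 entries, rejects digests of the wrong length or alphabet, and computes the same four digests for a local file so an analyst can confirm that a retrieved sample is this one. The embedded input is a constructed copy of this page's fields; the dead-drop host list, the section-stop names and all function names are assumptions made for the example.

```python
"""Turn the flattened sandbox report fields into structured IOCs (added example)."""
import hashlib
import re
from urllib.parse import urlparse

# Constructed input: a copy of the hash and "Malware Config" fields as this page
# shows them after extraction flattened the report to one field or value per line.
REPORT = """\
MD5
6879c0e92290ed7a0e289cc3aaedc855
SHA1
142ec4479eab773d71ef7b2a76425c039b45fc1b
SHA256
7cf4bbf990447d72bd9d0ba0a19d824f8b598b4a8759cec8e53f92c2db9a221b
Malware Config
Extracted
vidar
3.1
ba1fc89d9f7df84dadf34886aabb246c
https://t.me/owned001
http://65.109.236.2:80
https://t.me/tabootalks
https://steamcommunity.com/profiles/76561199472266392
http://135.181.26.183:80
-
profile_id_v2
ba1fc89d9f7df84dadf34886aabb246c
Targets
"""

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX = re.compile(r"^[0-9a-f]+$")
# Hosts Vidar uses as public dead-drop pages that hold its real C2 (assumed list).
DEAD_DROP_HOSTS = {"t.me", "steamcommunity.com"}
# Headers that end the config block in this report layout (assumption).
SECTION_STOP = {"Targets", "Static task", "Behavioral task"}


def parse_report(text):
    """Walk the label/value lines. After 'Extracted' the layout is
    family, version, botnet id, a URL list, then attribute name/value pairs."""
    lines = [l.strip() for l in text.splitlines() if l.strip() and l.strip() != "-"]
    iocs = {"hashes": {}, "family": None, "version": None, "botnet": None,
            "dead_drops": [], "c2": [], "attributes": {}}
    i = 0
    while i < len(lines):
        tok = lines[i]
        if tok in HASH_LENGTHS and i + 1 < len(lines):
            val = lines[i + 1].lower()
            if len(val) == HASH_LENGTHS[tok] and HEX.match(val):
                iocs["hashes"][tok] = val  # drop truncated or non-hex digests
            i += 2
        elif tok == "Extracted" and i + 3 < len(lines):
            iocs["family"], iocs["version"], iocs["botnet"] = lines[i + 1:i + 4]
            i += 4
            while i < len(lines) and lines[i].startswith(("http://", "https://")):
                url = lines[i]
                host = urlparse(url).hostname or ""
                (iocs["dead_drops"] if host in DEAD_DROP_HOSTS else iocs["c2"]).append(url)
                i += 1
            while i + 1 < len(lines) and lines[i] not in SECTION_STOP:
                iocs["attributes"][lines[i]] = lines[i + 1]
                i += 2
        else:
            i += 1
    return iocs


def digest_bytes(data):
    """All four digests the report publishes, for an in-memory buffer."""
    return {name: getattr(hashlib, name.lower())(data).hexdigest() for name in HASH_LENGTHS}


def file_hashes(path, chunk=1 << 20):
    """Stream a file through all four digests in one pass (samples can be large)."""
    hs = {name: getattr(hashlib, name.lower())() for name in HASH_LENGTHS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hs.items()}


def matches_report(actual, iocs):
    """True only if every digest the report lists agrees with the computed ones."""
    return bool(iocs["hashes"]) and all(actual.get(k) == v for k, v in iocs["hashes"].items())


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    print("family/version/botnet:", parsed["family"], parsed["version"], parsed["botnet"])
    print("dead-drop resolvers:", parsed["dead_drops"])
    print("direct C2:", parsed["c2"])
    print("attributes:", parsed["attributes"])
    # To confirm a retrieved sample is this one:
    # matches_report(file_hashes("file.exe"), parsed)
```

Blocking the t.me and steamcommunity.com URLs outright is rarely practical; the split into dead_drops and c2 lets the resolver pages feed hunting (which hosts fetch those profile pages) while the IP:80 entries go to the blocklist.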
Targets
Target: file.exe (1.7MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Detects LgoogLoader payload
- LgoogLoader: a downloader capable of dropping and executing other malware families.
- Suspicious use of NtCreateUserProcessOtherParentProcess: a process was created with a parent other than the calling process (parent-process spoofing), which breaks the parent/child lineage that process-tree based detections rely on.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext: typically seen when code is written into a suspended process and its thread entry point is redirected (process hollowing or injection), a common way for a loader to run a second-stage payload in memory.