General
-
Target
file.exe
-
Size
4.0MB
-
Sample
230325-x53lmseb35
-
MD5
c8912fe8e08b4e0947b0c56201485581
-
SHA1
2699d925e8a1708e86afac0f65d8e4797126fe90
-
SHA256
9ee64b8dc1af383e25ca542f9ede7a8b649c8b1477012c39fca179637fec289d
-
SHA512
c6eca8af85ceeec0a0221a067196bb17ed09bb00931371f79d262d53efcff405c38ea93bb9189d791eb3b358c121a9ec4475f754d1ea92045deff2de0426b70f
-
SSDEEP
98304:wqjAMzqBA3pR8BG0Zu+wExyDfpvo0fc/jc/kA3:w4pzqCCBG05w1DRATct3
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
Malware Config
Extracted
vidar
3.1
20f95c4f85151b21c48a8766fbd2d32d
https://steamcommunity.com/profiles/76561199472266392
https://t.me/tabootalks
http://135.181.26.183:80
-
profile_id_v2
20f95c4f85151b21c48a8766fbd2d32d
-
user_agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 OPR/91.0.4516.79
Targets
-
-
Target
file.exe
-
Size
4.0MB
-
MD5
c8912fe8e08b4e0947b0c56201485581
-
SHA1
2699d925e8a1708e86afac0f65d8e4797126fe90
-
SHA256
9ee64b8dc1af383e25ca542f9ede7a8b649c8b1477012c39fca179637fec289d
-
SHA512
c6eca8af85ceeec0a0221a067196bb17ed09bb00931371f79d262d53efcff405c38ea93bb9189d791eb3b358c121a9ec4475f754d1ea92045deff2de0426b70f
-
SSDEEP
98304:wqjAMzqBA3pR8BG0Zu+wExyDfpvo0fc/jc/kA3:w4pzqCCBG05w1DRATct3
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-