General
- Target: file.exe
- Size: 3.4MB
- Sample: 230327-1c2enafd27
- MD5: 9838d7b931ba280e94b401ed799e35f9
- SHA1: ae7d122c39e37ef24b9a1fd3fdf08fd002f8620e
- SHA256: 0136319c6ea0ac8a0265c915e91731252b3e185433846300e858bf22570eff35
- SHA512: 2ff6289355bd35238ce0b00a3130022da2d76a814066c1469bad63a4319b5a2dc2965d90346ecf8ad3ebaecf63c8828f049eb5abac83376a217aedccf203cc1f
- SSDEEP: 98304:PUGbQl+tr2/LRPFiwwxBU0lxvCngfl1m4wgfT:2l+IN6ZvegDR7
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: file.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: vidar
- Version: 3.2
- Botnet: faf321b64879a39e4d9e2b6994483a1a
- C2: https://steamcommunity.com/profiles/76561199489580435
- C2: https://t.me/tabootalks
- profile_id_v2: faf321b64879a39e4d9e2b6994483a1a
- user_agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 OPR/91.0.4516.79

The two C2 entries are dead-drop resolvers, which is how Vidar normally locates its server: the sample fetches the Steam profile page and the Telegram channel page and parses the real C2 address out of their content. Blocking these two URLs stops the lookup, but the address they resolved to at the time of infection is the one to hunt for in network telemetry, and it can be changed by the operator without touching the binary. The user_agent string is hard-coded in the config, so a Windows 7 ("Windows NT 6.1") Opera 91 User-Agent appearing on hosts that do not run Opera is a usable, if not conclusive, hunting pivot.
Targets
Target: file.exe
- Size: 3.4MB
- MD5: 9838d7b931ba280e94b401ed799e35f9
- SHA1: ae7d122c39e37ef24b9a1fd3fdf08fd002f8620e
- SHA256: 0136319c6ea0ac8a0265c915e91731252b3e185433846300e858bf22570eff35
- SHA512: 2ff6289355bd35238ce0b00a3130022da2d76a814066c1469bad63a4319b5a2dc2965d90346ecf8ad3ebaecf63c8828f049eb5abac83376a217aedccf203cc1f
- SSDEEP: 98304:PUGbQl+tr2/LRPFiwwxBU0lxvCngfl1m4wgfT:2l+IN6ZvegDR7
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
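The report's indicators (the three file hashes, the two dead-drop URLs from the extracted config and the hard-coded User-Agent) are the pieces an analyst would turn into a hunt. The script below is an added example and not part of the sandbox report: it packages those indicators, checks a file's digests against the known hashes, and scans a proxy log for dead-drop fetches or the exact User-Agent. The tab-separated log format and the log lines in SAMPLE_LOG are constructed for the demonstration and do not come from this analysis; the confidence levels are the author's own judgement (a real Opera 91 on Windows 7 sends the same User-Agent, so that match alone is only medium).

```python
"""IOC matcher built from the Vidar report above (added example)."""
import hashlib
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicators copied from the report.
KNOWN_HASHES = {
    "md5": "9838d7b931ba280e94b401ed799e35f9",
    "sha1": "ae7d122c39e37ef24b9a1fd3fdf08fd002f8620e",
    "sha256": "0136319c6ea0ac8a0265c915e91731252b3e185433846300e858bf22570eff35",
}
DEAD_DROP_URLS = (
    "https://steamcommunity.com/profiles/76561199489580435",
    "https://t.me/tabootalks",
)
VIDAR_USER_AGENT = (
    "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 OPR/91.0.4516.79"
)


def digests(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a byte string, keyed like KNOWN_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True when any digest of the data equals one of the report's hashes."""
    found = digests(data)
    return any(found[algo] == known for algo, known in KNOWN_HASHES.items())


@dataclass
class Hit:
    line_no: int
    client: str
    reason: str
    confidence: str


def _normalize(url: str) -> str:
    # Scheme-less, lower-cased host plus path without a trailing slash, so
    # http vs https, host case and "/tabootalks/" vs "/tabootalks" all compare equal.
    parts = urlsplit(url)
    return parts.netloc.lower() + parts.path.rstrip("/")


DEAD_DROP_KEYS = {_normalize(u) for u in DEAD_DROP_URLS}


def scan_proxy_log(lines) -> list:
    """Scan a constructed proxy log (hypothetical format, one request per line):
        <timestamp>\t<client_ip>\t<method>\t<url>\t<status>\t<user_agent>
    A request for one of the dead-drop URLs is a high-confidence hit; the exact
    hard-coded User-Agent on any other request is a medium-confidence hit.
    Ordinary steamcommunity.com or t.me traffic is not flagged."""
    hits = []
    for line_no, raw in enumerate(lines, 1):
        fields = raw.rstrip("\n").split("\t")
        if len(fields) != 6:
            continue  # malformed line: skip it rather than abort the scan
        _ts, client, _method, url, _status, user_agent = fields
        if _normalize(url) in DEAD_DROP_KEYS:
            hits.append(Hit(line_no, client, f"dead-drop URL {url}", "high"))
        elif user_agent == VIDAR_USER_AGENT:
            hits.append(Hit(line_no, client, "Vidar hard-coded User-Agent", "medium"))
    return hits


# Constructed log lines (not from the sandbox run): two dead-drop fetches from
# one host, a benign Steam request, an unrelated request with the hard-coded
# User-Agent, and one malformed line.
SAMPLE_LOG = [
    "2023-03-27T13:02:11Z\t10.0.0.21\tGET\thttps://steamcommunity.com/profiles/76561199489580435\t200\t" + VIDAR_USER_AGENT,
    "2023-03-27T13:02:12Z\t10.0.0.21\tGET\thttps://t.me/tabootalks/\t200\t" + VIDAR_USER_AGENT,
    "2023-03-27T13:03:40Z\t10.0.0.33\tGET\thttps://steamcommunity.com/app/730\t200\tMozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/111.0.0.0 Safari/537.36",
    "2023-03-27T13:04:02Z\t10.0.0.45\tGET\thttps://example.com/\t200\t" + VIDAR_USER_AGENT,
    "garbage line",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.client} [{hit.confidence}] {hit.reason}")
```

Feed scan_proxy_log real proxy output after adapting the field split to your log format; the hash check is meant for files collected from hosts that produced a high-confidence hit, since the ssdeep value in the report would need the separate ssdeep library to compare near-variants.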