General
Target: tmp
Size: 6.9MB
Sample: 230609-zbvp2sdd76
MD5: 339fbfa154755393b2baec483e5f1257
SHA1: 209a36c4a3e156a391849f9934e36c862175ac32
SHA256: 6b79d25b436f4059d791f8fcb22d912a899ac27792527f03dfe3bcd17a5b2b7f
SHA512: 54f6e08453f826304c975a863683b980f613a920b0af09a08e57a13bd90833ae0cda63f4ca487a7ec4e5dd8f87f649d273a3c03575f711c179e48b4367fef9a1
SSDEEP: 196608:/4Lbt1AcaU/2bwFJ54cJ+0e+Oq2e1JZFE:/4zF2bwFHY0HO2JZ
Tasks
Static task: static1
Behavioral task: behavioral1 (sample tmp.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample tmp.exe, resource win10v2004-20230220-en)
Malware Config
Extracted family: vidar
Version: 4.2
Botnet / profile ID: a64ca0c195d3c6bc2a04ada079183388
C2 (dead-drop resolver URLs the sample fetches to locate its real C2):
- https://steamcommunity.com/profiles/76561199511129510
- https://t.me/rechnungsbetrag
Attributes:
- profile_id_v2: a64ca0c195d3c6bc2a04ada079183388
- user_agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.38 Safari/537.36 Brave/75
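The extracted config gives two network IOCs worth hunting for: the full dead-drop URLs and the hardcoded User-Agent string. The following is an added example, not part of the sandbox report, showing how a practitioner would run those IOCs over proxy logs. The log line format is an assumption constructed for the example (timestamp, source IP, method, URL, quoted User-Agent); the sample log lines are constructed, not captured traffic. It matches the exact URL rather than the bare steamcommunity.com or t.me host, because the hosts alone are far too common to alert on.

```python
"""Hunt for the Vidar IOCs from the extracted config in (constructed) proxy logs."""
import re
from dataclasses import dataclass

# IOCs copied from the extracted config above.
VIDAR_UA = (
    "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/75.0.3770.38 Safari/537.36 Brave/75"
)
DEAD_DROP_URLS = {
    "https://steamcommunity.com/profiles/76561199511129510",
    "https://t.me/rechnungsbetrag",
}

# Assumed log layout: "<ts> <src_ip> <METHOD> <url> \"<user-agent>\"".
# This is a constructed format for the example, not a real product's schema.
LOG_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+"(?P<ua>[^"]*)"$'
)


@dataclass(frozen=True)
class Hit:
    src: str
    url: str
    reasons: tuple


def normalize_url(url: str) -> str:
    """Drop query string and trailing slash so exact-URL matching is stable."""
    return url.split("?", 1)[0].rstrip("/")


def scan(lines):
    """Return one Hit per log line that matches the dead-drop URL or the UA."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than crash the hunt
        reasons = []
        # Exact string compare: the UA is hardcoded in the sample's config.
        if m["ua"] == VIDAR_UA:
            reasons.append("vidar_user_agent")
        # Exact URL compare: the host alone would flag every Steam/Telegram user.
        if normalize_url(m["url"]) in DEAD_DROP_URLS:
            reasons.append("vidar_dead_drop_url")
        if reasons:
            hits.append(Hit(m["src"], m["url"], tuple(reasons)))
    return hits


# Constructed sample log; none of these lines are real traffic.
SAMPLE_LOG = [
    # Benign Steam browsing with a normal browser UA: must NOT fire.
    '2023-06-09T10:00:01Z 10.0.0.5 GET https://steamcommunity.com/app/440 '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/114.0.0.0 Safari/537.36"',
    # Dead-drop fetch with the hardcoded UA: fires on both indicators.
    '2023-06-09T10:00:07Z 10.0.0.23 GET https://steamcommunity.com/profiles/76561199511129510/ '
    '"' + VIDAR_UA + '"',
    # Second dead-drop, with a query string: still fires on both.
    '2023-06-09T10:00:08Z 10.0.0.23 GET https://t.me/rechnungsbetrag?x=1 '
    '"' + VIDAR_UA + '"',
    # Follow-on request to a host not in the config: only the UA fires.
    '2023-06-09T10:00:09Z 10.0.0.23 POST http://203.0.113.10/ '
    '"' + VIDAR_UA + '"',
    # Ordinary traffic: must NOT fire.
    '2023-06-09T10:00:10Z 10.0.0.8 GET https://example.com/ '
    '"Mozilla/5.0 (X11; Linux x86_64) Firefox/114.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.src} {hit.url} {','.join(hit.reasons)}")
```

The UA match is the more durable of the two: dead-drop profile and channel identifiers change per campaign, while the User-Agent is baked into the stealer build, so a UA-only hit (as on the 203.0.113.10 line) is still worth triaging as a possible post-dead-drop C2 contact.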
Targets
Target: tmp (tmp.exe, 6.9MB; same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)
Signatures:
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext