General
- Target: RePack_Installer.exe
- Size: 33.7MB
- Sample: 230717-tht47sea2y
- MD5: 391148ba6a49c21f1561f0b358c4adc5
- SHA1: 9eaf6f202172a3bdaa5ef751b9e3ed359eb4557a
- SHA256: 75cd90a2f1d3620498799556ea9b9217aa5048c27db0a31f6f365cf01d713bd0
- SHA512: 628b51c10748c0635ff3409e14546257ebee44fc45cfc48f1cb51e73d99fa8bbe7cc9e4250a5cecf6059bfbf859aacdbe12670e83103042a6eb346e21f4c4423
- SSDEEP: 393216:k5zFjww2tS26qtUkzgwhTlGQx2YR+1WPe6vcYEa75Y7sizuQUZ8q5q5XiMusXNRp:krOiY9TlJckPeK3P7+vDqY9VJnp
Static task: static1
Behavioral task: behavioral1
- Sample: RePack_Installer.exe
- Resource: win7-20230712-en
Malware Config
Extracted: vidar 4.7
- C2:
  https://t.me/hwbhjegyuvbgyugge
  https://t.me/jhfvykuwgfwekuifwbe
  https://t.me/eagl3z
  https://steamcommunity.com/profiles/76561199159550234
- profile_id_v2: https://t.me/hwbhjegyuvbgyugge
- user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1788.0 uacq
Extracted: systembc
- C2:
  91.103.252.89:4317
  91.103.252.57:4317
Targets
- Target: RePack_Installer.exe
Signatures
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext