General
Target: 0c0e36b959067fd86e0af98f3717d0f4.exe
Size: 6.0MB
Sample: 231231-p6lerafga3
MD5: 0c0e36b959067fd86e0af98f3717d0f4
SHA1: d8d9b5b6c391ca2121c588ff27db25723a12a120
SHA256: 56538d4161a6b6e0e57759f73f81a76db0b7bf9f923791f56e719793ae10ece9
SHA512: d9265cefe3de237940f1b7a7b53f11d5cbac57ccae89516f21560fd12cd1c87fbe145321e788032a683fc65e5b5273310258210243fa2d0643a1f0de86fc1e62
SSDEEP: 98304:pAI+M5d//M7JWK1jkynv/z2Y6KwUMKVL87NAME+PK55HPaYRzAWu2t75hLnSUHJr:it4nM7wEjksH6bxHA/z5xacEWRF5S+Jr
Static task: static1
Behavioral task: behavioral1
Sample: 0c0e36b959067fd86e0af98f3717d0f4.exe
Resource: win7-20231215-en
Malware Config
Extracted: vidar
40.1
916
https://eduarroma.tumblr.com/
profile_id: 916
Extracted: metasploit
windows/single_exec
Targets
Target: 0c0e36b959067fd86e0af98f3717d0f4.exe
Size: 6.0MB
MD5: 0c0e36b959067fd86e0af98f3717d0f4
SHA1: d8d9b5b6c391ca2121c588ff27db25723a12a120
SHA256: 56538d4161a6b6e0e57759f73f81a76db0b7bf9f923791f56e719793ae10ece9
SHA512: d9265cefe3de237940f1b7a7b53f11d5cbac57ccae89516f21560fd12cd1c87fbe145321e788032a683fc65e5b5273310258210243fa2d0643a1f0de86fc1e62
SSDEEP: 98304:pAI+M5d//M7JWK1jkynv/z2Y6KwUMKVL87NAME+PK55HPaYRzAWu2t75hLnSUHJr:it4nM7wEjksH6bxHA/z5xacEWRF5S+Jr
- Glupteba payload
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Vidar Stealer
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.