General
Target: @^FulLFile_PCSetup_33221_ṔḁṨSKey_^$.rar
Size: 9.1MB
Sample: 240618-p7t4aaydqp
MD5: 0c5e4050a2bb911ee225ea0b40f6a0ac
SHA1: 4672c909786cfa77ccd1c4350073a09ac3e1b023
SHA256: 6482c2b99f55cd9be24f6653dc9f63a43442ac7872dafb5364833c7ca20ecb25
SHA512: 136079a603ec01fd43ad785997059464a4a86f46d2ac0eb9828c8960663df47dddb69fe2e2869f67ad7baff6e0433c97cbea8f0119e09cc65d8355f9d1db4dfc
SSDEEP: 196608:sOIcnX5QaQIWC5SUNecTfwHGU3/R6oK7FW:sORniaQDC5zzWXgl7FW
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20240221-en

Malware Config
Extracted: stealc
Extracted: amadey
4.30
ffb1b9
http://proresupdate.com
install_dir: 4bbb72a446
install_file: Hkbsse.exe
strings_key: 1ebbd218121948a356341fff55521237
url_paths: /h9fmdW5/index.php
Targets
Target: Setup.exe
Size: 5.5MB
MD5: ae697c5f8ef74fbe8daf09358afd9324
SHA1: 8e18a9ee76df13daa5cfaf079872c77a25f15338
SHA256: 4fc64e114f80ce755040ac2891bd1fab0492a831177491f3fe1382adf94030f9
SHA512: 6f2bdd0c9d746218ab8c215e7d9fe1acaaf39763077eaf1a03754acb4d8ccfd518b052d98675ebf0233bbd3aa87ceffe1ffcdc14219b0a6f308d84a978a5f23a
SSDEEP: 49152:mUWKwBCwZwchtBQmK2OMaKoEL+4V1njSYu65d8OtZUyZZlACMtUJoiIUCNPoBkYe:41BCwZwc5QfKRL+wfdhBWCdxA

- Detect Vidar Stealer
- XMRig Miner payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext