Overview
Static

Analysis tree (every entry run on windows10-2004-x64); the number in front of each entry is the badge shown beside it in the report, and truncated names are kept as displayed:
10 Static
1 PaSsCodé-...up.zip
1 Key.png
3 PassCode.txt
1 Satup_2233...0d.rar
3 Lang/en-US...te.xml
1 Lang/en-US/Winsrv.xml
1 Lang/en-US...el.xml
1 Lang/en-US...nt.xml
1 Lang/en-US...in.xml
1 Lang/en-US/fthsvc.xml
1 Lang/en-US...th.xml
1 Lang/en-US/iSCSI.xml
1 Lang/en-US/msched.xml
1 Lang/en-US/nca.adml
3 Lang/en-US/pca.xml
1 Lang/en-US...ng.xml
1 Lang/en-US...ci.xml
1 Lang/en-US/tcpip.xml
1 Lang/en-US...vc.xml
1 Lang/en-US...vc.xml
1 Lang/lang-1049.dll
1 Lang/lang-1058.dll
1 PassCode.txt
1 Settings/.pak
3 Settings/2.pak
3 Settings/library.dll
1 Settings/opengl.sys
3 Setup.exe
10 caboose.eml
3 d3dx9_43.dll
1 opengl64.dll
1 repertory.wma
General
Score: 6
Target: PaSsCodé--22334_Setup.zip
Size: 4.0MB
Sample: 240629-sr5rmatanq
MD5: cf9400f753810efd91a4754dfd5b5fba
SHA1: a747a60b6fc35b12e5eca1653e7248d3313f0cef
SHA256: 12729cdce3ff1c0fe9245ab71a10305bc71f4ff1c42de72625595511c9cfafd4
SHA512: e020679a6482a1e38760860f3032a648d0bb351d3c3a223e84d6817a3c02240e75bbdceba3ef839e5ab970a3400755b2dbef2425ed0c1c5c25e0c358a5835d05
SSDEEP: 98304:KgEsIDdIamYG8KwYSlJgg+8phlPVpAqbvVn:nEsIpIarKwYSLKshlfbVn
Tasks
static1: Static task
behavioral1: Behavioral task, sample PaSsCodé--22334_Setup.zip, resource win10v2004-20240508-en
behavioral2: Behavioral task, sample Key.png, resource win10v2004-20240508-en
behavioral3: Behavioral task, sample PassCode.txt, resource win10v2004-20240611-en
behavioral5: Behavioral task, sample Lang/en-US/WindowsUpdate.xml, resource win10v2004-20240611-en
behavioral6: Behavioral task, sample Lang/en-US/Winsrv.xml, resource win10v2004-20240611-en
behavioral7: Behavioral task, sample Lang/en-US/WordWheel.xml, resource win10v2004-20240611-en
behavioral8: Behavioral task, sample Lang/en-US/WorkFolders-Client.xml, resource win10v2004-20240611-en
behavioral9: Behavioral task, sample Lang/en-US/WorkplaceJoin.xml, resource win10v2004-20240508-en
behavioral10: Behavioral task, sample Lang/en-US/fthsvc.xml, resource win10v2004-20240508-en
behavioral11: Behavioral task, sample Lang/en-US/hotspotauth.xml, resource win10v2004-20240226-en
behavioral12: Behavioral task, sample Lang/en-US/iSCSI.xml, resource win10v2004-20240508-en
behavioral13: Behavioral task, sample Lang/en-US/msched.xml, resource win10v2004-20240611-en
behavioral14: Behavioral task, sample Lang/en-US/nca.adml, resource win10v2004-20240508-en
behavioral15: Behavioral task, sample Lang/en-US/pca.xml, resource win10v2004-20240611-en
behavioral16: Behavioral task, sample Lang/en-US/sdiageng.xml, resource win10v2004-20240508-en
behavioral17: Behavioral task, sample Lang/en-US/srm-fci.xml, resource win10v2004-20240508-en
behavioral18: Behavioral task, sample Lang/en-US/tcpip.xml, resource win10v2004-20240611-en
behavioral19: Behavioral task, sample Lang/en-US/wlansvc.xml, resource win10v2004-20240508-en
behavioral20: Behavioral task, sample Lang/en-US/wwansvc.xml, resource win10v2004-20240611-en
behavioral21: Behavioral task, sample Lang/lang-1049.dll, resource win10v2004-20240611-en
behavioral22: Behavioral task, sample Lang/lang-1058.dll, resource win10v2004-20240508-en
behavioral23: Behavioral task, sample PassCode.txt, resource win10v2004-20240508-en
behavioral24: Behavioral task, sample Settings/.pak, resource win10v2004-20240611-en
behavioral25: Behavioral task, sample Settings/2.pak, resource win10v2004-20240508-en
behavioral26: Behavioral task, sample Settings/library.dll, resource win10v2004-20240508-en
behavioral27: Behavioral task, sample Settings/opengl.sys, resource win10v2004-20240508-en
behavioral28: Behavioral task, sample Setup.exe, resource win10v2004-20240508-en
behavioral29: Behavioral task, sample caboose.eml, resource win10v2004-20240611-en
behavioral30: Behavioral task, sample d3dx9_43.dll, resource win10v2004-20240508-en
behavioral31: Behavioral task, sample opengl64.dll, resource win10v2004-20240611-en
behavioral32: Behavioral task, sample repertory.wma, resource win10v2004-20240611-en
Malware Config
Extracted: vidar
https://kotawa.top
https://t.me/g067n
https://steamcommunity.com/profiles/76561199707802586
user_agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6
Targets

Target: PaSsCodé--22334_Setup.zip
Size: 4.0MB
MD5: cf9400f753810efd91a4754dfd5b5fba
SHA1: a747a60b6fc35b12e5eca1653e7248d3313f0cef
SHA256: 12729cdce3ff1c0fe9245ab71a10305bc71f4ff1c42de72625595511c9cfafd4
SHA512: e020679a6482a1e38760860f3032a648d0bb351d3c3a223e84d6817a3c02240e75bbdceba3ef839e5ab970a3400755b2dbef2425ed0c1c5c25e0c358a5835d05
SSDEEP: 98304:KgEsIDdIamYG8KwYSlJgg+8phlPVpAqbvVn:nEsIpIarKwYSLKshlfbVn
Score: 1/10

Target: Key.png
Size: 5KB
MD5: 0bce6d336e3480fc124603e066722db1
SHA1: ffeeab92508775d5e8026caf98357f508c754b5a
SHA256: 1be622e74792f445da4e989670d06b68e13252f78703418f9ebac1ecf0a0f1a6
SHA512: 61ce0546834800f26eb4bea18c85067760b1d8c8339b957c735a5e38d0a35e4c90babd2aa5c805febf7b604ffd5968b62bb38834c6f3c30c7a684672c84fe77f
SSDEEP: 96:lN844n3HkGrtDmXXe0bl3fP2eXdFNl48VXUyDALEpjdy:lKnH7rtDsd3fP2eXdFPrpNALM0
Score: 3/10

Target: PassCode.txt
Size: 7.2MB
MD5: 914db8b02bb5ace88d064596a4455136
SHA1: ecfce479982f5bca5a96ab6e9fc438ba5e6237e5
SHA256: 1df0202fe59ad2c6625d4de756471c85d8dc48828124e9fe177713989b0ca1de
SHA512: 1199489bf2246fcf011eaad3cc832951a1a9b98a6a020fa5f4b6c3ccbe8aef93b773227c5119779ce5dbcb9b4abeeff9d2b7cb57abd47726658da5aff7971517
SSDEEP: 6:jR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8U:r
Score: 1/10

Target: -
Size: 4.0MB
MD5: c5f7a059668335c6eacabba29f50f521
SHA1: 588f932ef2afa56cb7be188b72d7a308acc936cb
SHA256: de1870c52bf6b4afa863ee1b4b2b4e638ff7bbb18e5be8cfd9fae333b0ac4998
SHA512: 35c5e37c7592f7ef67df5b94c30dc754bc63d8db4cea4a11b8afd2beeee0b401fcd2ad8d89468b69dc79c2dae638218f87f69e60220d8c4a9f677bb9069354a9
SSDEEP: 98304:9gEsIDdIamYG8KwYSlJgg+8phlPVpAqbvVi:yEsIpIarKwYSLKshlfbVi
Score: 3/10

Target: Lang/en-US/WindowsUpdate.adml
Size: 33KB
MD5: 1b4df1c94fae81c341abea40c9adad9c
SHA1: 7dbde04efaf2d6b703417cc6fb0b146d6fd4214f
SHA256: 2aec8dcd9608b57d3d65321b399faa530552027f0e3ca814f477816df803e201
SHA512: 4cfce39ba34ee283eec89900afca583ae9c0ae86caa3ee8ec90891347825af81dd82bd08960551852c6b7c8fd77b5ecde9ba75c16a3986b7663cb494e3c6e30a
SSDEEP: 384:xtl2CSosXR2nMZIvHWRzwjxqDx6rUtuLTaUL4wl2bux0AcY5Bnn6aaF8MSaUVNKl:xtlwhQMZI/W5w8t6rjxXcYXnhaa3Tu
Score: 1/10

Target: Lang/en-US/Winsrv.adml
Size: 1KB
MD5: 76d4b8899387bcd0c081d4301e1b18de
SHA1: ebc1dd18a8893ed391379021941451d89692cdcd
SHA256: 41331bf31c4ba79b1ff7169efa27cf37aee5ed269c1c6894af78f3f6fb40ae59
SHA512: 629e37a4e24c60a3e34795f17a5e132dbdaef40f43af01b451f6024a4ffc93d36f0381b0b413ce2374778c9d50326345bf0b460d7ccd8f8b5cb1a747cd66f1ff
Score: 1/10

Target: Lang/en-US/WordWheel.adml
Size: 2KB
MD5: a5fe2005e14e5e7e8792ce0c2bdf53a8
SHA1: d4ee1b57fe5c5387e241b51f6209ddd45a6d5be4
SHA256: 8cb5f08bc1d73ee9c83ef7043a8bda0cf250e7bedd1c84e700e6a8a913beaf86
SHA512: 332bf547d8883df20aa82d2c6f9e3dcd89e2997ec16436a377f6135df1136b595a9b91eb91c70bd3068f71eba72007c4dae32d3b0584a5fb392a9158a57036b7
Score: 1/10

Target: Lang/en-US/WorkFolders-Client.adml
Size: 3KB
MD5: f6075fa597f6343205f02cfaf7cf87a7
SHA1: 7a1f11393676af8a2b8c95eede05007a6f2db31e
SHA256: b6a4f7ebe7a44f81b7a5d4c7a38fea3fcfcd184fa16e46863c1535323197be1a
SHA512: 40358de36bfc342fe314b6fadaca3b1523bb05658f792f1306fc0e4334e50cadd55777069f59e0483c77a5d13c07293909f4bd2596757ef7b2d3504d37522a9a
Score: 1/10

Target: Lang/en-US/WorkplaceJoin.adml
Size: 1KB
MD5: 68e7e1bee13094c1c0f9896f82b4d741
SHA1: 5d7f87c220ea3eb57322c9fc0986b2efcaebb01a
SHA256: 4754f8a9b020216a0f9ca4c7357a6794d3c98735d9b7857fcbc19ed1401021e3
SHA512: 6ccd89b24ac4d9232d45a91e3002f69230ba38a878057abc0a0bd07f3b7a44cc9e97be29267cbb56c9d3304ec9ca75c3e662da1d2e154f3155a029f30c6acf91
Score: 1/10

Target: Lang/en-US/fthsvc.adml
Size: 1KB
MD5: 418d7ac091847ab77d095c57fa41a684
SHA1: 3344d9a7df3250dc67e0ae77a3852504b57fd45d
SHA256: 1264f3a19797d8daee79006048cf0430fc85d1fa8aac8c64c5a60351c7753901
SHA512: 86c39cffac76b5417780116dcd6e264c05939c52d7e8920330fabc657afc34ee9ec0c09edb871b9f6b3e9c75cd1e12029b29df6a8d12cb24a8d3810d71bdb8d2
Score: 1/10

Target: Lang/en-US/hotspotauth.adml
Size: 1KB
MD5: c8f213bdf5b362440a28d5d5fdd86fb8
SHA1: 587a99fd8725fbbef863d8d01d3993123817a8b3
SHA256: 8a6601421a6de212b6b1ff4990ed462251f3c4c75cb37d7bba0afc814b0c50f1
SHA512: 966be4dbf177b42253853a03b08447b48315ff51cf05c9fa88fa2a5a344cc9e02a357d7a7faf61a831eda39fa9af35b88389fb8eafe6ba72a8d7f8bce90effb1
Score: 1/10

Target: Lang/en-US/iSCSI.adml
Size: 5KB
MD5: fe14e28c69993accec221be3c7a99e5c
SHA1: af4a9b9485d3cae6bb21dc2932a705247c20ec01
SHA256: 68b3df1ed58900e693440d614266c2f8fa20a87f75b9183a5bebfab5c3c6b4c2
SHA512: b60557a69068d7f37ce89c724d22340e464e4dfde039e9e4a10be2f4458c165456872632d886eadbaa7ac72f23dab8af32ec1a1dae2605edc7d25004e878772b
SSDEEP: 96:LeD5pmCaYOcq03f1QSxMMdeuRr48/TNZvOfxk5DxKhFwfDFpm8h7w1D7zDGFV:EPaYO503f1QSy+euRD/TNZvOfxk5DxKQ
Score: 1/10

Target: Lang/en-US/msched.adml
Size: 3KB
MD5: 224beabeb0b0c06f17cd758d7f5ca442
SHA1: 5d6443e03f0345b93561d2958c725e963ce1ebcd
SHA256: c65da0df5066f72eff8b61edf4f7b900650462fe38260c98c43a2dfcbeef8634
SHA512: 17ad214fa68e221f9805472ab453b13477656ac0f7a1612f2260b369f2f1e33d0dcc2e03851a3cb72999f16ef790b56f2cc0e1c341723fd1bb0c6937fea1b98d
Score: 1/10

Target: Lang/en-US/nca.adml
Size: 8KB
MD5: 913c464cfbd79fbb24dddb6a91d1c375
SHA1: de4ab693b5b746695b00e6f00efc190d7541242f
SHA256: 6e3e490033e86709bbead8a1ca4f35dd478297bd932a76c3d9942dd59f8ac27f
SHA512: 346c4aa6fbc299ecc94c2ca4970a4ec4867235fd9268e4e89c2f32d526a1f75824565442b555080cd374c229d6c5ecfd2cf6b7b96dc85fcabd14f9225fe05ceb
SSDEEP: 192:xvEwDvJfTqcK3KoGmwrtrqGryq5hP8lv5UNgTe:xvE8fWVQpHOq5hP8vuge
Score: 3/10

Target: Lang/en-US/pca.adml
Size: 6KB
MD5: 78021a8deb0981dd65154025032bb7d5
SHA1: 5b59f46a232e9752d6405949564b435d1ad709b5
SHA256: 899c5ff462e34e8319ac0c59a9bc794695166970ba28495c473754fa5c3de457
SHA512: c4bba2c6a05b10a74d603225ce69bf6ec3d08cf8039d56e5118774179a628a237f9119c09215c4feb7be5d5d06a8e5cf6b07fe2822d0af7e65fefd47fa9e039e
SSDEEP: 96:LeD5pm0ybro3NXRz6/LPrwwfsHO+/7Oaj3V:EDyXo3NXRz+0w0HdjtjF
Score: 1/10

Target: Lang/en-US/sdiageng.adml
Size: 3KB
MD5: 145eb767dfaac5b7d79a9df8c4fd6504
SHA1: ef931f6bd052785b77b640f310bb593da3fbc881
SHA256: f2483555c3531d0821703d3696acbfe5528a031d762661249cd6df8434accfc3
SHA512: 8b5ac9abf5870c9f2d9708e8858121815ce875e379700e7e4797f84631802d82ffe0a32c1983cf23bd6b09d775965f0192939d03cac6f1e5fd2b54cc55ee2602
Score: 1/10

Target: Lang/en-US/srm-fci.adml
Size: 7KB
MD5: 7b04e3f4356b26d851628246dac94705
SHA1: ab5ac1954a3652bcb12946b607c2b1f4d876da21
SHA256: e6f4193f29666226d72365c364e473f1f9deb47405dfedca38a215eb61fff967
SHA512: e1a0c7a200aedcd3fb55e64bf67a0ee9eed91c0632c178a54fa98e20d9b4c32680f17900bc66017fef3f595a6fca06624b2c0cf7d5b4e8490c177f3afac1a414
SSDEEP: 96:wNa+/IQexYsInNwFxpeHe+zpoDQzwvU9Q7nwefXvU9Q7HTV:G/In5xpe++zpoDhv8w/v80
Score: 1/10

Target: Lang/en-US/tcpip.adml
Size: 13KB
MD5: 0b0da2277fe7b257b26ed87e595cdcf5
SHA1: 5f790c95e1703a243f0678fdf521772811b4d352
SHA256: 89ec65c0144936de7a31b903d9a8dbd2e436fd098de9aa91eaf164a5a8b6db1b
SHA512: 581018f7e5e6acfbb4d7e8b6bdadca26abe829ed1e12aaf1b86fb70857df9b2290056b3890e969a62da027399fa4624e1b9478679b91632ad1ce12d1a09d0250
SSDEEP: 96:LeD5pmjKFPT4fv3EIrv3Iv/g8/vRzZxOkRvhRkKSbHw1cZICCHzBaTBeQqqL7tgA:E6fv3EWv3Ivo8Fn/nYwrqjvigA95Zy/D
Score: 1/10

Target: Lang/en-US/wlansvc.adml
Size: 1KB
MD5: 13e20c78e89e7fc58934bcff584e12a1
SHA1: 52dcc829c427ce609034c9106460c7734bebd3ed
SHA256: a59e2ed355ac803474c9ef02a60076bb98adbb33ad6aa6884ab1b4850bac4c02
SHA512: 14c6db1dcb97692d561c961a5a1a5f0f25bc6cc3cb28dc878cd46296339e16c36ba8a364be4f80a42d2c27725becded3020dc68be820f0343fe92a961f018966
Score: 1/10

Target: Lang/en-US/wwansvc.adml
Size: 2KB
MD5: 761af87d50f53f0ce9947b5d486c30fa
SHA1: dc926f9449848cce778326607bd4787ed6c80a01
SHA256: 8f1f6c7509f5c7c27b8f6e5dcf81fb8c02ae3ffee825f6cfa4171a712be018d4
SHA512: eccf653d5935c3777f14f08c0f5318b927e230c08aaa09debfd09aca23a27b0887fe94a8670b635fd7d7b6accf3d3dfed2bfbcd02298a5b58089d66219a7e366
Score: 1/10

Target: Lang/lang-1049.dll
Size: 258KB
MD5: 0ac98a4bfc717523e344010a42c2f4ba
SHA1: 7967769ee63b28fc8bec14854a4a0a71bda6b3f2
SHA256: 68546336232aa2be277711afa7c1f08ecd5fcc92cc182f90459f0c61fb39507f
SHA512: 8a5f4f19c24c24a43d9d18a8935613ad6a031b8f33d582767a2407665f1ff39a403ddaeecbf4f22a58759fcd53f81f4392192ca9fa784ff098a6c995509f9547
SSDEEP: 768:KNGdfE7k4pzco2V0lyurfRZBGb052Vqa9/QkHq6KT8W8LI1LWFznKM+psOKrjG5v:KNubVGu57nUQG0HZSBTjZGmDbKzu7Axc
Score: 1/10

Target: Lang/lang-1058.dll
Size: 262KB
MD5: 41c75e831a5571c3f72287794391a0e6
SHA1: 0fe7a9a3c905d0376001a5c46edfc0000fa82bd4
SHA256: b3ad99afdaee3b9365e7a3ffcc44c2761e22a4f92dff5e5efdc52f6b08ea0105
SHA512: d3d03f3308db1862522127300127839aa44828d29622db20aea71e6a80a51247654e380d7a0126361d85774137826fc345ae368335bb1ea9c1c8995721daf432
SSDEEP: 1536:yNbT+wDopP25xej01K1+KnohMEDdQPfYBRL37KCxr:gbiwo25xwKhTDd80Rp
Score: 1/10

Target: PassCode.txt
Size: 7.2MB
MD5: 914db8b02bb5ace88d064596a4455136
SHA1: ecfce479982f5bca5a96ab6e9fc438ba5e6237e5
SHA256: 1df0202fe59ad2c6625d4de756471c85d8dc48828124e9fe177713989b0ca1de
SHA512: 1199489bf2246fcf011eaad3cc832951a1a9b98a6a020fa5f4b6c3ccbe8aef93b773227c5119779ce5dbcb9b4abeeff9d2b7cb57abd47726658da5aff7971517
SSDEEP: 6:jR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8U:r
Score: 1/10

Target: Settings/.pak
Size: 141.3MB
MD5: 51b6cbf3d3f42e80b99bfb7b0f026c25
SHA1: 9cf46c9377ceb09ce0a5ec1f8d978819399481ce
SHA256: 5900deb8b0ffd914a536ffd3bdd4e53b533c8e5a0da890ca8555dbef99dd2a11
SHA512: df25f9ad23c3e8626973ee37ddde6b49f911131bf3d04a5126bc46a4973d3936e35da01c7ab13e936f960dcca9323ce2f8f25c1dca92ab3614bf0f39ed969c95
SSDEEP: 48:LyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYD:R
Score: 3/10

Target: Settings/2.pak
Size: 181.7MB
MD5: b1bfa4f6da5146ef2793cad7252adcd4
SHA1: e348a687a3e0ee2d0561fe6f89e63a04d29ef44e
SHA256: 555536b9bbc8bd62d1d7109a15c7bd6a2b160614d2faaf70af151fe18337e963
SHA512: b767f2a7de1116e0ba5ee0dfccb7ec6300557e90e66cb1685a36225ceabe0812ef41c0202f5404fbc87e325141347f94b5add2b8cb66f4b588cda40411781960
SSDEEP: 48:LyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYD:x
Score: 3/10

Target: Settings/library.dll
Size: 20.2MB
MD5: 3f4cd861c9327fd968841a95a3dffb57
SHA1: d8249409caa4e7fcf328f238a8e382ff528f8e37
SHA256: 42a61d46f7b5496846537e4e068a781ca40092e3c737087375a5cd69830abbb1
SHA512: d148c2ad8bfdb0bc2eb1b5f557f848a87a4b548f8629127cc5859ca14f56548755b06b159c933aab1f65d6289ee13b68517467a773298077768515fc089984f2
SSDEEP: 48:LyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYD:x
Score: 1/10

Target: Settings/opengl.sys
Size: 20.1MB
MD5: 381534e74aadbeb6bb8ff2c787a5c2b2
SHA1: 0fd72d669c84ff6b1988b5c6725ee55329be2138
SHA256: ffb649c45b832772cc0025a7039e2cb0da8766585c3311d2043e63e1809cb9c1
SHA512: 491e43e04687eb13609cedff2ab6d6e68952a5196c84e0aaa02e2e6fa8c1b5e4203002238f360cfacf30edf3e3960a26ff6dd785c79ff705901575342f8e9a24
SSDEEP: 48:MyyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyY:N
Score: 3/10

Target: Setup.exe
Size: 2.2MB
MD5: d9530ecee42acccfd3871672a511bc9e
SHA1: 89b4d2406f1294bd699ef231a4def5f495f12778
SHA256: 81e04f9a131534acc0e9de08718c062d3d74c80c7f168ec7e699cd4b2bd0f280
SHA512: d5f048ea995affdf9893ec4c5ac5eb188b6714f5b6712e0b5a316702033421b145b8ee6a62d303eb4576bf8f57273ff35c5d675807563a31157136f79d8a9980
SSDEEP: 49152:rHOut2Bf0ajIM8XEEN6N0rE/I/vqn7krQEQusd5F:VbaMbXbE/I/SnwrQEQusd/
Signatures:
- Detect Vidar Stealer
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext

Target: caboose.eml
Size: 1.2MB
MD5: f618ac171eab243d1d5c0bd372793655
SHA1: 1abab648911d96559f6c2b580a6810f3d102958f
SHA256: f0af9ed6a2f706a3fea993c3050f35a9768f1940c951907ddfeab2c0ef7dfb4d
SHA512: 7cd31348d773fdbe83d4d3a10be98bc7dfef73914cd48c3634593e171b11c3a2367611875a8e34dd3a963231ec4f3748ff87e1f08fc04755f6e1d72e03229d04
SSDEEP: 24576:ZBGVtqybowkLwnagt7PxnwHDqLgDpERgqeUmFMk+2FbtcQ2AzfFK:Z6tqybowUwnKugd2TtmFMk1J72AY
Score: 3/10

Target: d3dx9_43.dll
Size: 1.9MB
MD5: 14e0329f97b3742c07a8ede2ada147ea
SHA1: 2d9c20571295645725ff4680effb0bcd02e119b5
SHA256: be30357ce9449fde155b0c9b1beaafdbb608886451eede2cc6f9d936e2dcbd5a
SHA512: f0e273d4989cbe9d3d40e58b30b555321ffedf8752a6161a0e1e68ad5bd3d2d61b4e613ca1ce89967fe202b77b0e1565f7666f1ca30f1133a5d6f3a96e562c99
SSDEEP: 24576:I7ZU6OIyl2Wy9M3bJ45fPS0zFZghQ6aOiFaKOE31GrvFXl74YZ29X1MDd6olmrBk:IS66l2u45BiNYFrz31Cv3D29kd6k6+
Score: 1/10

Target: opengl64.dll
Size: 145.8MB
MD5: 71466589eb444bbf272c0f5c920c57f0
SHA1: 4fcace49ee032779d3bf7b8e03c6a9f29ed871ba
SHA256: e7d625cf255360b0ea96a52ca990be6f1cef522ff7440393e45b12793ac88031
SHA512: eff62450cf03d72af2594d750a70b008226fa2e46216661716287639bf5e1ff1303076fdaf4f062ca4098ef10a8e29502de55ecb3a6e04753aad7fcad01e3352
SSDEEP: 48:0ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZY:n
Score: 1/10

Target: repertory.wma
Size: 93KB
MD5: 7b27f14389dad42f9530da57a9948d60
SHA1: 8c1b60eab80dd1d71c8f26ee993f0b2cf6fa7594
SHA256: b078794624d3bc4dc1e7b84d1f449670321a248644c0007c4feb74b2b0320a71
SHA512: a17b4ca24a91e40fadfd98144ffb50beef9524666f937ee03fc3438ee91441b49c823fa8bcf6e5a87727f29c8b87300f676bc3266d8e1844c4790befdbad7253
SSDEEP: 1536:zjAEB1m99a74Odx7k2W0x+pKQGw9PbfuIkL8r0eF:zjAEB1RPdx7BW0IRRbfuIc8rD
Score: 6/10
Signatures:
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.