General

  • Target

    PaSsCodé--22334_Setup.zip

  • Size

    4.0MB

  • Sample

    240629-sr5rmatanq

  • MD5

    cf9400f753810efd91a4754dfd5b5fba

  • SHA1

    a747a60b6fc35b12e5eca1653e7248d3313f0cef

  • SHA256

    12729cdce3ff1c0fe9245ab71a10305bc71f4ff1c42de72625595511c9cfafd4

  • SHA512

    e020679a6482a1e38760860f3032a648d0bb351d3c3a223e84d6817a3c02240e75bbdceba3ef839e5ab970a3400755b2dbef2425ed0c1c5c25e0c358a5835d05

  • SSDEEP

    98304:KgEsIDdIamYG8KwYSlJgg+8phlPVpAqbvVn:nEsIpIarKwYSLKshlfbVn

Malware Config

Extracted

Family

vidar

C2

https://kotawa.top

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes
  • user_agent

    Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6

Targets

    • Target

      PaSsCodé--22334_Setup.zip

    • Size

      4.0MB

    • MD5

      cf9400f753810efd91a4754dfd5b5fba

    • SHA1

      a747a60b6fc35b12e5eca1653e7248d3313f0cef

    • SHA256

      12729cdce3ff1c0fe9245ab71a10305bc71f4ff1c42de72625595511c9cfafd4

    • SHA512

      e020679a6482a1e38760860f3032a648d0bb351d3c3a223e84d6817a3c02240e75bbdceba3ef839e5ab970a3400755b2dbef2425ed0c1c5c25e0c358a5835d05

    • SSDEEP

      98304:KgEsIDdIamYG8KwYSlJgg+8phlPVpAqbvVn:nEsIpIarKwYSLKshlfbVn

    Score
    1/10
    • Target

      Key.png

    • Size

      5KB

    • MD5

      0bce6d336e3480fc124603e066722db1

    • SHA1

      ffeeab92508775d5e8026caf98357f508c754b5a

    • SHA256

      1be622e74792f445da4e989670d06b68e13252f78703418f9ebac1ecf0a0f1a6

    • SHA512

      61ce0546834800f26eb4bea18c85067760b1d8c8339b957c735a5e38d0a35e4c90babd2aa5c805febf7b604ffd5968b62bb38834c6f3c30c7a684672c84fe77f

    • SSDEEP

      96:lN844n3HkGrtDmXXe0bl3fP2eXdFNl48VXUyDALEpjdy:lKnH7rtDsd3fP2eXdFPrpNALM0

    Score
    3/10
    • Target

      PassCode.txt

    • Size

      7.2MB

    • MD5

      914db8b02bb5ace88d064596a4455136

    • SHA1

      ecfce479982f5bca5a96ab6e9fc438ba5e6237e5

    • SHA256

      1df0202fe59ad2c6625d4de756471c85d8dc48828124e9fe177713989b0ca1de

    • SHA512

      1199489bf2246fcf011eaad3cc832951a1a9b98a6a020fa5f4b6c3ccbe8aef93b773227c5119779ce5dbcb9b4abeeff9d2b7cb57abd47726658da5aff7971517

    • SSDEEP

      6:jR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8U:r

    Score
    1/10
    • Target

    • Size

      4.0MB

    • MD5

      c5f7a059668335c6eacabba29f50f521

    • SHA1

      588f932ef2afa56cb7be188b72d7a308acc936cb

    • SHA256

      de1870c52bf6b4afa863ee1b4b2b4e638ff7bbb18e5be8cfd9fae333b0ac4998

    • SHA512

      35c5e37c7592f7ef67df5b94c30dc754bc63d8db4cea4a11b8afd2beeee0b401fcd2ad8d89468b69dc79c2dae638218f87f69e60220d8c4a9f677bb9069354a9

    • SSDEEP

      98304:9gEsIDdIamYG8KwYSlJgg+8phlPVpAqbvVi:yEsIpIarKwYSLKshlfbVi

    Score
    3/10
    • Target

      Lang/en-US/WindowsUpdate.adml

    • Size

      33KB

    • MD5

      1b4df1c94fae81c341abea40c9adad9c

    • SHA1

      7dbde04efaf2d6b703417cc6fb0b146d6fd4214f

    • SHA256

      2aec8dcd9608b57d3d65321b399faa530552027f0e3ca814f477816df803e201

    • SHA512

      4cfce39ba34ee283eec89900afca583ae9c0ae86caa3ee8ec90891347825af81dd82bd08960551852c6b7c8fd77b5ecde9ba75c16a3986b7663cb494e3c6e30a

    • SSDEEP

      384:xtl2CSosXR2nMZIvHWRzwjxqDx6rUtuLTaUL4wl2bux0AcY5Bnn6aaF8MSaUVNKl:xtlwhQMZI/W5w8t6rjxXcYXnhaa3Tu

    Score
    1/10
    • Target

      Lang/en-US/Winsrv.adml

    • Size

      1KB

    • MD5

      76d4b8899387bcd0c081d4301e1b18de

    • SHA1

      ebc1dd18a8893ed391379021941451d89692cdcd

    • SHA256

      41331bf31c4ba79b1ff7169efa27cf37aee5ed269c1c6894af78f3f6fb40ae59

    • SHA512

      629e37a4e24c60a3e34795f17a5e132dbdaef40f43af01b451f6024a4ffc93d36f0381b0b413ce2374778c9d50326345bf0b460d7ccd8f8b5cb1a747cd66f1ff

    Score
    1/10
    • Target

      Lang/en-US/WordWheel.adml

    • Size

      2KB

    • MD5

      a5fe2005e14e5e7e8792ce0c2bdf53a8

    • SHA1

      d4ee1b57fe5c5387e241b51f6209ddd45a6d5be4

    • SHA256

      8cb5f08bc1d73ee9c83ef7043a8bda0cf250e7bedd1c84e700e6a8a913beaf86

    • SHA512

      332bf547d8883df20aa82d2c6f9e3dcd89e2997ec16436a377f6135df1136b595a9b91eb91c70bd3068f71eba72007c4dae32d3b0584a5fb392a9158a57036b7

    Score
    1/10
    • Target

      Lang/en-US/WorkFolders-Client.adml

    • Size

      3KB

    • MD5

      f6075fa597f6343205f02cfaf7cf87a7

    • SHA1

      7a1f11393676af8a2b8c95eede05007a6f2db31e

    • SHA256

      b6a4f7ebe7a44f81b7a5d4c7a38fea3fcfcd184fa16e46863c1535323197be1a

    • SHA512

      40358de36bfc342fe314b6fadaca3b1523bb05658f792f1306fc0e4334e50cadd55777069f59e0483c77a5d13c07293909f4bd2596757ef7b2d3504d37522a9a

    Score
    1/10
    • Target

      Lang/en-US/WorkplaceJoin.adml

    • Size

      1KB

    • MD5

      68e7e1bee13094c1c0f9896f82b4d741

    • SHA1

      5d7f87c220ea3eb57322c9fc0986b2efcaebb01a

    • SHA256

      4754f8a9b020216a0f9ca4c7357a6794d3c98735d9b7857fcbc19ed1401021e3

    • SHA512

      6ccd89b24ac4d9232d45a91e3002f69230ba38a878057abc0a0bd07f3b7a44cc9e97be29267cbb56c9d3304ec9ca75c3e662da1d2e154f3155a029f30c6acf91

    Score
    1/10
    • Target

      Lang/en-US/fthsvc.adml

    • Size

      1KB

    • MD5

      418d7ac091847ab77d095c57fa41a684

    • SHA1

      3344d9a7df3250dc67e0ae77a3852504b57fd45d

    • SHA256

      1264f3a19797d8daee79006048cf0430fc85d1fa8aac8c64c5a60351c7753901

    • SHA512

      86c39cffac76b5417780116dcd6e264c05939c52d7e8920330fabc657afc34ee9ec0c09edb871b9f6b3e9c75cd1e12029b29df6a8d12cb24a8d3810d71bdb8d2

    Score
    1/10
    • Target

      Lang/en-US/hotspotauth.adml

    • Size

      1KB

    • MD5

      c8f213bdf5b362440a28d5d5fdd86fb8

    • SHA1

      587a99fd8725fbbef863d8d01d3993123817a8b3

    • SHA256

      8a6601421a6de212b6b1ff4990ed462251f3c4c75cb37d7bba0afc814b0c50f1

    • SHA512

      966be4dbf177b42253853a03b08447b48315ff51cf05c9fa88fa2a5a344cc9e02a357d7a7faf61a831eda39fa9af35b88389fb8eafe6ba72a8d7f8bce90effb1

    Score
    1/10
    • Target

      Lang/en-US/iSCSI.adml

    • Size

      5KB

    • MD5

      fe14e28c69993accec221be3c7a99e5c

    • SHA1

      af4a9b9485d3cae6bb21dc2932a705247c20ec01

    • SHA256

      68b3df1ed58900e693440d614266c2f8fa20a87f75b9183a5bebfab5c3c6b4c2

    • SHA512

      b60557a69068d7f37ce89c724d22340e464e4dfde039e9e4a10be2f4458c165456872632d886eadbaa7ac72f23dab8af32ec1a1dae2605edc7d25004e878772b

    • SSDEEP

      96:LeD5pmCaYOcq03f1QSxMMdeuRr48/TNZvOfxk5DxKhFwfDFpm8h7w1D7zDGFV:EPaYO503f1QSy+euRD/TNZvOfxk5DxKQ

    Score
    1/10
    • Target

      Lang/en-US/msched.adml

    • Size

      3KB

    • MD5

      224beabeb0b0c06f17cd758d7f5ca442

    • SHA1

      5d6443e03f0345b93561d2958c725e963ce1ebcd

    • SHA256

      c65da0df5066f72eff8b61edf4f7b900650462fe38260c98c43a2dfcbeef8634

    • SHA512

      17ad214fa68e221f9805472ab453b13477656ac0f7a1612f2260b369f2f1e33d0dcc2e03851a3cb72999f16ef790b56f2cc0e1c341723fd1bb0c6937fea1b98d

    Score
    1/10
    • Target

      Lang/en-US/nca.adml

    • Size

      8KB

    • MD5

      913c464cfbd79fbb24dddb6a91d1c375

    • SHA1

      de4ab693b5b746695b00e6f00efc190d7541242f

    • SHA256

      6e3e490033e86709bbead8a1ca4f35dd478297bd932a76c3d9942dd59f8ac27f

    • SHA512

      346c4aa6fbc299ecc94c2ca4970a4ec4867235fd9268e4e89c2f32d526a1f75824565442b555080cd374c229d6c5ecfd2cf6b7b96dc85fcabd14f9225fe05ceb

    • SSDEEP

      192:xvEwDvJfTqcK3KoGmwrtrqGryq5hP8lv5UNgTe:xvE8fWVQpHOq5hP8vuge

    Score
    3/10
    • Target

      Lang/en-US/pca.adml

    • Size

      6KB

    • MD5

      78021a8deb0981dd65154025032bb7d5

    • SHA1

      5b59f46a232e9752d6405949564b435d1ad709b5

    • SHA256

      899c5ff462e34e8319ac0c59a9bc794695166970ba28495c473754fa5c3de457

    • SHA512

      c4bba2c6a05b10a74d603225ce69bf6ec3d08cf8039d56e5118774179a628a237f9119c09215c4feb7be5d5d06a8e5cf6b07fe2822d0af7e65fefd47fa9e039e

    • SSDEEP

      96:LeD5pm0ybro3NXRz6/LPrwwfsHO+/7Oaj3V:EDyXo3NXRz+0w0HdjtjF

    Score
    1/10
    • Target

      Lang/en-US/sdiageng.adml

    • Size

      3KB

    • MD5

      145eb767dfaac5b7d79a9df8c4fd6504

    • SHA1

      ef931f6bd052785b77b640f310bb593da3fbc881

    • SHA256

      f2483555c3531d0821703d3696acbfe5528a031d762661249cd6df8434accfc3

    • SHA512

      8b5ac9abf5870c9f2d9708e8858121815ce875e379700e7e4797f84631802d82ffe0a32c1983cf23bd6b09d775965f0192939d03cac6f1e5fd2b54cc55ee2602

    Score
    1/10
    • Target

      Lang/en-US/srm-fci.adml

    • Size

      7KB

    • MD5

      7b04e3f4356b26d851628246dac94705

    • SHA1

      ab5ac1954a3652bcb12946b607c2b1f4d876da21

    • SHA256

      e6f4193f29666226d72365c364e473f1f9deb47405dfedca38a215eb61fff967

    • SHA512

      e1a0c7a200aedcd3fb55e64bf67a0ee9eed91c0632c178a54fa98e20d9b4c32680f17900bc66017fef3f595a6fca06624b2c0cf7d5b4e8490c177f3afac1a414

    • SSDEEP

      96:wNa+/IQexYsInNwFxpeHe+zpoDQzwvU9Q7nwefXvU9Q7HTV:G/In5xpe++zpoDhv8w/v80

    Score
    1/10
    • Target

      Lang/en-US/tcpip.adml

    • Size

      13KB

    • MD5

      0b0da2277fe7b257b26ed87e595cdcf5

    • SHA1

      5f790c95e1703a243f0678fdf521772811b4d352

    • SHA256

      89ec65c0144936de7a31b903d9a8dbd2e436fd098de9aa91eaf164a5a8b6db1b

    • SHA512

      581018f7e5e6acfbb4d7e8b6bdadca26abe829ed1e12aaf1b86fb70857df9b2290056b3890e969a62da027399fa4624e1b9478679b91632ad1ce12d1a09d0250

    • SSDEEP

      96:LeD5pmjKFPT4fv3EIrv3Iv/g8/vRzZxOkRvhRkKSbHw1cZICCHzBaTBeQqqL7tgA:E6fv3EWv3Ivo8Fn/nYwrqjvigA95Zy/D

    Score
    1/10
    • Target

      Lang/en-US/wlansvc.adml

    • Size

      1KB

    • MD5

      13e20c78e89e7fc58934bcff584e12a1

    • SHA1

      52dcc829c427ce609034c9106460c7734bebd3ed

    • SHA256

      a59e2ed355ac803474c9ef02a60076bb98adbb33ad6aa6884ab1b4850bac4c02

    • SHA512

      14c6db1dcb97692d561c961a5a1a5f0f25bc6cc3cb28dc878cd46296339e16c36ba8a364be4f80a42d2c27725becded3020dc68be820f0343fe92a961f018966

    Score
    1/10
    • Target

      Lang/en-US/wwansvc.adml

    • Size

      2KB

    • MD5

      761af87d50f53f0ce9947b5d486c30fa

    • SHA1

      dc926f9449848cce778326607bd4787ed6c80a01

    • SHA256

      8f1f6c7509f5c7c27b8f6e5dcf81fb8c02ae3ffee825f6cfa4171a712be018d4

    • SHA512

      eccf653d5935c3777f14f08c0f5318b927e230c08aaa09debfd09aca23a27b0887fe94a8670b635fd7d7b6accf3d3dfed2bfbcd02298a5b58089d66219a7e366

    Score
    1/10
    • Target

      Lang/lang-1049.dll

    • Size

      258KB

    • MD5

      0ac98a4bfc717523e344010a42c2f4ba

    • SHA1

      7967769ee63b28fc8bec14854a4a0a71bda6b3f2

    • SHA256

      68546336232aa2be277711afa7c1f08ecd5fcc92cc182f90459f0c61fb39507f

    • SHA512

      8a5f4f19c24c24a43d9d18a8935613ad6a031b8f33d582767a2407665f1ff39a403ddaeecbf4f22a58759fcd53f81f4392192ca9fa784ff098a6c995509f9547

    • SSDEEP

      768:KNGdfE7k4pzco2V0lyurfRZBGb052Vqa9/QkHq6KT8W8LI1LWFznKM+psOKrjG5v:KNubVGu57nUQG0HZSBTjZGmDbKzu7Axc

    Score
    1/10
    • Target

      Lang/lang-1058.dll

    • Size

      262KB

    • MD5

      41c75e831a5571c3f72287794391a0e6

    • SHA1

      0fe7a9a3c905d0376001a5c46edfc0000fa82bd4

    • SHA256

      b3ad99afdaee3b9365e7a3ffcc44c2761e22a4f92dff5e5efdc52f6b08ea0105

    • SHA512

      d3d03f3308db1862522127300127839aa44828d29622db20aea71e6a80a51247654e380d7a0126361d85774137826fc345ae368335bb1ea9c1c8995721daf432

    • SSDEEP

      1536:yNbT+wDopP25xej01K1+KnohMEDdQPfYBRL37KCxr:gbiwo25xwKhTDd80Rp

    Score
    1/10
    • Target

      PassCode.txt

    • Size

      7.2MB

    • MD5

      914db8b02bb5ace88d064596a4455136

    • SHA1

      ecfce479982f5bca5a96ab6e9fc438ba5e6237e5

    • SHA256

      1df0202fe59ad2c6625d4de756471c85d8dc48828124e9fe177713989b0ca1de

    • SHA512

      1199489bf2246fcf011eaad3cc832951a1a9b98a6a020fa5f4b6c3ccbe8aef93b773227c5119779ce5dbcb9b4abeeff9d2b7cb57abd47726658da5aff7971517

    • SSDEEP

      6:jR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8zR8U:r

    Score
    1/10
    • Target

      Settings/.pak

    • Size

      141.3MB

    • MD5

      51b6cbf3d3f42e80b99bfb7b0f026c25

    • SHA1

      9cf46c9377ceb09ce0a5ec1f8d978819399481ce

    • SHA256

      5900deb8b0ffd914a536ffd3bdd4e53b533c8e5a0da890ca8555dbef99dd2a11

    • SHA512

      df25f9ad23c3e8626973ee37ddde6b49f911131bf3d04a5126bc46a4973d3936e35da01c7ab13e936f960dcca9323ce2f8f25c1dca92ab3614bf0f39ed969c95

    • SSDEEP

      48:LyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYD:R

    Score
    3/10
    • Target

      Settings/2.pak

    • Size

      181.7MB

    • MD5

      b1bfa4f6da5146ef2793cad7252adcd4

    • SHA1

      e348a687a3e0ee2d0561fe6f89e63a04d29ef44e

    • SHA256

      555536b9bbc8bd62d1d7109a15c7bd6a2b160614d2faaf70af151fe18337e963

    • SHA512

      b767f2a7de1116e0ba5ee0dfccb7ec6300557e90e66cb1685a36225ceabe0812ef41c0202f5404fbc87e325141347f94b5add2b8cb66f4b588cda40411781960

    • SSDEEP

      48:LyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYD:x

    Score
    3/10
    • Target

      Settings/library.dll

    • Size

      20.2MB

    • MD5

      3f4cd861c9327fd968841a95a3dffb57

    • SHA1

      d8249409caa4e7fcf328f238a8e382ff528f8e37

    • SHA256

      42a61d46f7b5496846537e4e068a781ca40092e3c737087375a5cd69830abbb1

    • SHA512

      d148c2ad8bfdb0bc2eb1b5f557f848a87a4b548f8629127cc5859ca14f56548755b06b159c933aab1f65d6289ee13b68517467a773298077768515fc089984f2

    • SSDEEP

      48:LyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYD:x

    Score
    1/10
    • Target

      Settings/opengl.sys

    • Size

      20.1MB

    • MD5

      381534e74aadbeb6bb8ff2c787a5c2b2

    • SHA1

      0fd72d669c84ff6b1988b5c6725ee55329be2138

    • SHA256

      ffb649c45b832772cc0025a7039e2cb0da8766585c3311d2043e63e1809cb9c1

    • SHA512

      491e43e04687eb13609cedff2ab6d6e68952a5196c84e0aaa02e2e6fa8c1b5e4203002238f360cfacf30edf3e3960a26ff6dd785c79ff705901575342f8e9a24

    • SSDEEP

      48:MyyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyYyY:N

    Score
    3/10
    • Target

      Setup.exe

    • Size

      2.2MB

    • MD5

      d9530ecee42acccfd3871672a511bc9e

    • SHA1

      89b4d2406f1294bd699ef231a4def5f495f12778

    • SHA256

      81e04f9a131534acc0e9de08718c062d3d74c80c7f168ec7e699cd4b2bd0f280

    • SHA512

      d5f048ea995affdf9893ec4c5ac5eb188b6714f5b6712e0b5a316702033421b145b8ee6a62d303eb4576bf8f57273ff35c5d675807563a31157136f79d8a9980

    • SSDEEP

      49152:rHOut2Bf0ajIM8XEEN6N0rE/I/vqn7krQEQusd5F:VbaMbXbE/I/SnwrQEQusd/

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • Target

      caboose.eml

    • Size

      1.2MB

    • MD5

      f618ac171eab243d1d5c0bd372793655

    • SHA1

      1abab648911d96559f6c2b580a6810f3d102958f

    • SHA256

      f0af9ed6a2f706a3fea993c3050f35a9768f1940c951907ddfeab2c0ef7dfb4d

    • SHA512

      7cd31348d773fdbe83d4d3a10be98bc7dfef73914cd48c3634593e171b11c3a2367611875a8e34dd3a963231ec4f3748ff87e1f08fc04755f6e1d72e03229d04

    • SSDEEP

      24576:ZBGVtqybowkLwnagt7PxnwHDqLgDpERgqeUmFMk+2FbtcQ2AzfFK:Z6tqybowUwnKugd2TtmFMk1J72AY

    Score
    3/10
    • Target

      d3dx9_43.dll

    • Size

      1.9MB

    • MD5

      14e0329f97b3742c07a8ede2ada147ea

    • SHA1

      2d9c20571295645725ff4680effb0bcd02e119b5

    • SHA256

      be30357ce9449fde155b0c9b1beaafdbb608886451eede2cc6f9d936e2dcbd5a

    • SHA512

      f0e273d4989cbe9d3d40e58b30b555321ffedf8752a6161a0e1e68ad5bd3d2d61b4e613ca1ce89967fe202b77b0e1565f7666f1ca30f1133a5d6f3a96e562c99

    • SSDEEP

      24576:I7ZU6OIyl2Wy9M3bJ45fPS0zFZghQ6aOiFaKOE31GrvFXl74YZ29X1MDd6olmrBk:IS66l2u45BiNYFrz31Cv3D29kd6k6+

    Score
    1/10
    • Target

      opengl64.dll

    • Size

      145.8MB

    • MD5

      71466589eb444bbf272c0f5c920c57f0

    • SHA1

      4fcace49ee032779d3bf7b8e03c6a9f29ed871ba

    • SHA256

      e7d625cf255360b0ea96a52ca990be6f1cef522ff7440393e45b12793ac88031

    • SHA512

      eff62450cf03d72af2594d750a70b008226fa2e46216661716287639bf5e1ff1303076fdaf4f062ca4098ef10a8e29502de55ecb3a6e04753aad7fcad01e3352

    • SSDEEP

      48:0ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZY:n

    Score
    1/10
    • Target

      repertory.wma

    • Size

      93KB

    • MD5

      7b27f14389dad42f9530da57a9948d60

    • SHA1

      8c1b60eab80dd1d71c8f26ee993f0b2cf6fa7594

    • SHA256

      b078794624d3bc4dc1e7b84d1f449670321a248644c0007c4feb74b2b0320a71

    • SHA512

      a17b4ca24a91e40fadfd98144ffb50beef9524666f937ee03fc3438ee91441b49c823fa8bcf6e5a87727f29c8b87300f676bc3266d8e1844c4790befdbad7253

    • SSDEEP

      1536:zjAEB1m99a74Odx7k2W0x+pKQGw9PbfuIkL8r0eF:zjAEB1RPdx7BW0IRRbfuIc8rD

    Score
    6/10
    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
1/10

behavioral1

Score
1/10

behavioral2

Score
3/10

behavioral3

Score
1/10

behavioral4

Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
1/10

behavioral27

Score
3/10

behavioral28

stealc, vidar, discovery, spyware, stealer
Score
10/10

behavioral29

Score
3/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
6/10