General
-
Target
08ebf44504c59a45d9fb739eaf9c7ce1f8a57224674f55782f4373d13794006a.exe
-
Size
206KB
-
Sample
240710-z1pv4aserd
-
MD5
4022bc5f1dcdf1a90d117aa67917cc41
-
SHA1
9126fba502990a26027d01588959c42c0480cba0
-
SHA256
08ebf44504c59a45d9fb739eaf9c7ce1f8a57224674f55782f4373d13794006a
-
SHA512
66672b764beb356b0a592f21bc4d9551d8297b5f278df5aed9fbdfa92afabd6a18066a6c8d4c9fe41e2236b1a28850b7d0b8400c3189232f40b6fcb1c1d29bfd
-
SSDEEP
3072:HQZ37mj1bVbRKEglAlJacFn6nE+SoareNsagziP9ufWo8X:wZLE1b2EWi7USoalqufWR
Malware Config
Extracted
vidar
https://steamcommunity.com/profiles/76561199735694209
https://t.me/puffclou
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1
Targets
-
-
Target
08ebf44504c59a45d9fb739eaf9c7ce1f8a57224674f55782f4373d13794006a.exe
-
Size
206KB
-
MD5
4022bc5f1dcdf1a90d117aa67917cc41
-
SHA1
9126fba502990a26027d01588959c42c0480cba0
-
SHA256
08ebf44504c59a45d9fb739eaf9c7ce1f8a57224674f55782f4373d13794006a
-
SHA512
66672b764beb356b0a592f21bc4d9551d8297b5f278df5aed9fbdfa92afabd6a18066a6c8d4c9fe41e2236b1a28850b7d0b8400c3189232f40b6fcb1c1d29bfd
-
SSDEEP
3072:HQZ37mj1bVbRKEglAlJacFn6nE+SoareNsagziP9ufWo8X:wZLE1b2EWi7USoalqufWR
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-