General
-
Target
44210fb592c05faa28a27d99d3c66214.exe
-
Size
690KB
-
Sample
201109-pwld8dxy6n
-
MD5
44210fb592c05faa28a27d99d3c66214
-
SHA1
5246abac84c6e708fbc37fb3df3531955c8b1673
-
SHA256
d5445db0317af2ab05690f7037065681f908b3ae4da8d53ff5160b6627d74aac
-
SHA512
8c5b4ad06a16b6bb8156dfd40019c601c6aa675166fb7f87b9638b86ceb3d9f60879d3e6194aee8f9d59d3aca6b0e9254898648c7ee687724ac41954c5a714b9
Malware Config
Targets
-
-
Target
44210fb592c05faa28a27d99d3c66214.exe
-
Size
690KB
-
MD5
44210fb592c05faa28a27d99d3c66214
-
SHA1
5246abac84c6e708fbc37fb3df3531955c8b1673
-
SHA256
d5445db0317af2ab05690f7037065681f908b3ae4da8d53ff5160b6627d74aac
-
SHA512
8c5b4ad06a16b6bb8156dfd40019c601c6aa675166fb7f87b9638b86ceb3d9f60879d3e6194aee8f9d59d3aca6b0e9254898648c7ee687724ac41954c5a714b9
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-