General
- Target: b6475729905611a662f38bd72b18d2e0.exe
- Size: 641KB
- Sample: 210507-1e12wk35bx
- MD5: b6475729905611a662f38bd72b18d2e0
- SHA1: cb42b56e939f2cbdce53b755d30bff35eb0a112a
- SHA256: ce8044b283fb2dd7ee1376d8ee0d77591279302a8dc2b978cf7ef655c7548225
- SHA512: 8098a5a24b275f3a5bdd0ab9578a7bc28684657dd25137d68cd2027c48025dd460a7bb9e8b777e8d3cdad4a02911ea2fd95bddf5fcdc6baa178c98b4504e7294

Static task: static1
Behavioral task: behavioral1
Sample: b6475729905611a662f38bd72b18d2e0.exe
Resource: win7v20210410

Malware Config
Extracted
- vidar
- 38.7
- 890
- https://HAL9THapi.faceit.comramilgame
- profile_id: 890

Targets
- Target: b6475729905611a662f38bd72b18d2e0.exe
- Size: 641KB
- MD5: b6475729905611a662f38bd72b18d2e0
- SHA1: cb42b56e939f2cbdce53b755d30bff35eb0a112a
- SHA256: ce8044b283fb2dd7ee1376d8ee0d77591279302a8dc2b978cf7ef655c7548225
- SHA512: 8098a5a24b275f3a5bdd0ab9578a7bc28684657dd25137d68cd2027c48025dd460a7bb9e8b777e8d3cdad4a02911ea2fd95bddf5fcdc6baa178c98b4504e7294

- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.