General
- Target: f2d2b846d5e7dcb78b8fb8c2b514fdf5.exe
- Size: 642KB
- Sample: 210507-1flzzbqbea
- MD5: f2d2b846d5e7dcb78b8fb8c2b514fdf5
- SHA1: be5d9d877c495eae40b30917380111691f636e5a
- SHA256: 7ab3f26484a6668bdd10719916266d661d8ab4a9ae3f68b708b8154a593b110a
- SHA512: b41d208df919195dee3ed8642b44dda039f03d8e836ddb391ac847fe3c68ea2fad5e9487d79919a56bf6d891172de591933c7db8606651a0045e4ced9af55b6a
Static task: static1
Behavioral task: behavioral1
- Sample: f2d2b846d5e7dcb78b8fb8c2b514fdf5.exe
- Resource: win7v20210408
Malware Config
Extracted
- vidar
- 38.7
- 890
- https://HAL9THapi.faceit.comramilgame
- profile_id: 890
Targets
- Target: f2d2b846d5e7dcb78b8fb8c2b514fdf5.exe
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.