General
Target: 2d2120a0d3c321d45ca660e206b63b3f.exe
Size: 650KB
Sample: 210507-2g8fa8c8qx
MD5: 2d2120a0d3c321d45ca660e206b63b3f
SHA1: ba42eda194f11d77c07b8e884aa36d5c89137be2
SHA256: fb0324ec1a5215c1b86bfd1bcb8dc631b4e0f295e18d584387db93337ecbc06f
SHA512: 24429428b8ef2742808142793dcb3c1363663faf523c42ae3bb2fe872292920048204725da9269981eebf1f7bae3a409f21f469d14718215d4e475e38131387d

Static task: static1
Behavioral task: behavioral1
Sample: 2d2120a0d3c321d45ca660e206b63b3f.exe
Resource: win7v20210408

Malware Config
Extracted: vidar
- 38.7
- 890
- https://HAL9THapi.faceit.comramilgame
- profile_id: 890

Targets
Signatures
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.