General

- Target: b08cec0ea39c7ec2b6ae29b4ed8dd74f.exe
- Size: 650KB
- Sample: 210507-768s26b46s
- MD5: b08cec0ea39c7ec2b6ae29b4ed8dd74f
- SHA1: ec3e53bb08b4368f15935c68da625e0fecd7a041
- SHA256: 8bc5ef0b7e7ba588ec0b035903a19c8cac3a70c46ddb52a8d5f49a94738797ad
- SHA512: 2dd8720f78058efc3e977b84d79dbb43e5554ffd65ce862ceac864fae039338b21a6caa39bbb568f00e6c430b32880b2eea160baf75184ed40d549ec80558099
Static task: static1

Behavioral task: behavioral1
- Sample: b08cec0ea39c7ec2b6ae29b4ed8dd74f.exe
- Resource: win7v20210410
Malware Config

Extracted family: vidar
- Version: 38.7
- Profile: 890
- C2: https://HAL9THapi.faceit.comramilgame
- profile_id: 890
Targets

- Target: b08cec0ea39c7ec2b6ae29b4ed8dd74f.exe
- Size: 650KB
- Hashes: as listed under General
Signatures

- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.