General
- Target: c21c38b41e26d025c1772834ddef86f0.exe
- Size: 674KB
- Sample: 210507-ber492a3e2
- MD5: c21c38b41e26d025c1772834ddef86f0
- SHA1: 32898d4cef9a5ed56ee3b0974ed4140290f39903
- SHA256: 2ac370f6d3f2a5f8008415fb9e0a20b676d08ef337e81722499c96ba47d8a8a1
- SHA512: c6953e8f182e6549b8954b2faf40864efe0b0affeb7e10d259ca69f7331edc68c73cb2ab4a5d4c054687a7333445328133362f8bae45f5b28526ad94dac4e554
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: c21c38b41e26d025c1772834ddef86f0.exe
- Resource: win7v20210408
Malware Config
Extracted
- Family: vidar
- 38.7
- 890
- https://HAL9THapi.faceit.comramilgame
- profile_id: 890
Targets
Signatures
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.