General
- Target: 9e12cb9e980c8378a5671266b4941e7b.exe
- Size: 642KB
- Sample: 210507-bmmyy7282n
- MD5: 9e12cb9e980c8378a5671266b4941e7b
- SHA1: b03d0374be7622012de015732148a08979db64d4
- SHA256: 46338edf80cae4b55da5d78f2ecdc049a94800d7795bb870cf59ce9724d8685e
- SHA512: a54a347ce252ebd9227248686c6879bff79d4912a10cd8cb3fe9f1ec0f403dc54e431da0d22f7419fe167e3258b555f9e4a520a78a6d4455de61fdcf64aa75a8

Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 9e12cb9e980c8378a5671266b4941e7b.exe
- Resource: win7v20210408

Malware Config
- Extracted family: vidar
- Version: 38.7
- 890
- C2 string (as extracted; the text appears garbled): https://HAL9THapi.faceit.comramilgame
- profile_id: 890
Targets
- Target: 9e12cb9e980c8378a5671266b4941e7b.exe (642KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.