General
- Target: b45cab378ecffab47a093c4fbab84f59.exe
- Size: 622KB
- Sample: 210507-c8ds3ldcg2
- MD5: b45cab378ecffab47a093c4fbab84f59
- SHA1: 480cc0be2ba967c85e358cd027a4d34e0693b3ed
- SHA256: df4cd9ab52e33c4216936ee0e9449353f1b06944a80667cef4855208d47220bd
- SHA512: 26a2846507de782ee26c303f1dcdb1db79a086b736a535208013df72d77db940d346ccefae9e1a0c8b894ea8a2ebe0803f3df9076618f16aff236b29289b2b34
Static task: static1
Behavioral task: behavioral1
- Sample: b45cab378ecffab47a093c4fbab84f59.exe
- Resource: win7v20210410
Malware Config
Extracted
- vidar
- 38.7
- 890
- https://HAL9THapi.faceit.comramilgame
- profile_id: 890
Targets
- Target: b45cab378ecffab47a093c4fbab84f59.exe
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.