General
Target: e10cec8d94d1e940cf51ee0c6e210d8d.exe
Size: 640KB
Sample: 210507-hrt7kbhe5x
MD5: e10cec8d94d1e940cf51ee0c6e210d8d
SHA1: 423473c1867ce1dd0d3a66cae7c39704a5fb01b7
SHA256: 7206113b61061f175d78f0ff5f8e2d33c1b18aaf73c5890ad55f94492c29cb90
SHA512: 0a67f0fbc6a690d18b033c0ba52989fb65247717b8d4783b1704acf666111436bc632d41a0baa9c0d491501d5135695ec197ed222a85e484cb89a4772070e516
Static task: static1
Behavioral task: behavioral1
Sample: e10cec8d94d1e940cf51ee0c6e210d8d.exe
Resource: win7v20210410
Malware Config
Extracted family: vidar
Version: 38.7
profile_id: 890
C2 (string exactly as extracted; it is not a well-formed URL, so do not use it verbatim as an IOC): https://HAL9THapi.faceit.comramilgame
Targets
Target: e10cec8d94d1e940cf51ee0c6e210d8d.exe (640KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
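Two of the behavioural signatures above, the Uninstall-key enumeration and the wallet-file access, can be reproduced as checks over a sandbox's registry/file event trace. The code below is an added example, not Triage's signature engine or any Vidar code: the event tuple layout, the Uninstall key prefixes, the wallet path markers and the minimum number of products that counts as "enumeration" are all assumptions, the trace is constructed to resemble a sandbox log, and the product GUID is a placeholder.

```python
"""Added example: re-implement two behavioural signatures from the report above as
checks over a constructed sandbox event trace. Not Triage's signature code; the
event format, key prefixes, wallet markers and threshold are assumptions."""

# Registry locations whose subkeys are one entry per installed product (assumed
# prefix list; 32-bit products on 64-bit Windows live under WOW6432Node).
UNINSTALL_KEY_PREFIXES = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
)

# Path fragments of common wallet storage directories (assumed marker list).
WALLET_PATH_MARKERS = (
    r"\Exodus\exodus.wallet",
    r"\Electrum\wallets",
    r"\Ethereum\keystore",
    r"\Bitcoin\wallets",
)

# Constructed trace: (pid, operation, target). PID 1234 stands in for the sample,
# PID 5678 for an unrelated process; the product GUID is a placeholder.
SAMPLE_EVENTS = [
    (1234, "RegOpenKey", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    (1234, "RegEnumKey", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-1111-2222-3333-444444444444}"),
    (1234, "RegEnumKey", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"),
    (1234, "RegEnumKey", r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (1234, "RegQueryValue", r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"),
    (1234, "FileOpen", r"C:\Users\Admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    (1234, "FileOpen", r"C:\Users\Admin\AppData\Roaming\Electrum\wallets\default_wallet"),
    (1234, "FileOpen", r"C:\Users\Admin\AppData\Local\Temp\nsl1234.tmp\System.dll"),
    (5678, "RegOpenKey", r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
]


def uninstall_subkeys(events, pid=None):
    """Distinct product subkeys touched under an Uninstall key (one per installed
    product). Opening the bare Uninstall key itself does not count."""
    seen = set()
    for ev_pid, op, target in events:
        if pid is not None and ev_pid != pid:
            continue
        if not op.startswith("Reg"):
            continue
        norm = target.lower()  # registry paths are case-insensitive
        for prefix in UNINSTALL_KEY_PREFIXES:
            p = prefix.lower()
            if norm.startswith(p + "\\"):
                # first path component after the Uninstall key is the product subkey
                subkey = target[len(p) + 1:].split("\\", 1)[0]
                if subkey:
                    seen.add(subkey)
                break
    return sorted(seen)


def wallet_paths(events, pid=None):
    """File targets that fall inside a known wallet storage directory."""
    hits = set()
    for ev_pid, op, target in events:
        if pid is not None and ev_pid != pid:
            continue
        if not op.startswith("File"):
            continue
        norm = target.lower()
        if any(marker.lower() in norm for marker in WALLET_PATH_MARKERS):
            hits.add(target)
    return sorted(hits)


def run_signatures(events, pid, min_products=2):
    """Evaluate both signatures for one process. The threshold of two distinct
    products before calling it enumeration is an assumed value."""
    return {
        "Checks installed software on the system":
            len(uninstall_subkeys(events, pid)) >= min_products,
        "Accesses cryptocurrency files/wallets, possible credential harvesting":
            bool(wallet_paths(events, pid)),
    }


if __name__ == "__main__":
    for pid in (1234, 5678):
        print(pid, run_signatures(SAMPLE_EVENTS, pid))
```

The two checks deliberately look at different evidence: the Uninstall signature counts distinct product subkeys rather than raw registry operations, so a single `RegOpenKey` on the parent key (normal for installers and inventory agents) does not fire, while the wallet check fires on the first matching file access because no benign reason for a fresh executable to read `exodus.wallet` is expected.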