General
- Target: 2eda089640072a2981f8be88baf1d3a3.exe
- Size: 642KB
- Sample: 210507-ndqvfbrbhx
- MD5: 2eda089640072a2981f8be88baf1d3a3
- SHA1: 5f8552d0ce1965ed1c18fbae90f230a3b5b38fcf
- SHA256: 015f6b7cf4b06273ee48d0a5f7672e0354dcec2d69380bb6eaff063450a3a8cd
- SHA512: 962c54b80340747642e7faefcf9200a0992cb1bf4ccd0a019d01e515b4ed32745f870608a1f965ebc45ac30a05a90d0be34823d27798d6840611e6ea40e9018e
Static task: static1
Behavioral task: behavioral1
- Sample: 2eda089640072a2981f8be88baf1d3a3.exe
- Resource: win7v20210408
Malware Config
Extracted: vidar
- 38.7
- 890
- https://HAL9THapi.faceit.comramilgame
- profile_id: 890
Targets
- Target: 2eda089640072a2981f8be88baf1d3a3.exe
- Size: 642KB
- MD5, SHA1, SHA256, SHA512: identical to the values listed under General above
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.