General
-
Target
8fd93c47968302f98aa456c0a52666f3.exe
-
Size
633KB
-
Sample
210507-qyfp4wn2cn
-
MD5
8fd93c47968302f98aa456c0a52666f3
-
SHA1
5c7484ec3d83670fad897404192733c9caef09b8
-
SHA256
f1eb9e418bb356a097f70bdfcd56cc1eab63192e0a1607d6698298a4d41a7983
-
SHA512
680d6041fbbc3134007708787537fc63b735cde66922e73b3c756ac2997e01e9b11e5323d3dccfa864995482693773549c20e02d6a2b0dc318e8ed6138ea88d6
Static task
static1
Behavioral task
behavioral1
Sample
8fd93c47968302f98aa456c0a52666f3.exe
Resource
win7v20210408
Malware Config
Extracted
Family
vidar
Version
38.7
Botnet
890
C2
https://HAL9THapi.faceit.comramilgame
-
profile_id
890
Targets
-
Target
8fd93c47968302f98aa456c0a52666f3.exe
-
Size
633KB
-
MD5
8fd93c47968302f98aa456c0a52666f3
-
SHA1
5c7484ec3d83670fad897404192733c9caef09b8
-
SHA256
f1eb9e418bb356a097f70bdfcd56cc1eab63192e0a1607d6698298a4d41a7983
-
SHA512
680d6041fbbc3134007708787537fc63b735cde66922e73b3c756ac2997e01e9b11e5323d3dccfa864995482693773549c20e02d6a2b0dc318e8ed6138ea88d6
-
Vidar Stealer
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
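The last signature describes the behaviour a detection would key on: one process reading many per-application entries under the Uninstall key rather than a single one. The following is an added example and is not part of this report or of the sandbox's own signature logic. It runs a small enumeration detector over constructed ProcMon-style registry events (process, operation, path). The event shape, the allowlist of expected readers, the threshold of five distinct entries and the product entry names are assumptions; only the sample's filename is taken from the report.

```python
import re
from collections import defaultdict

# Matches an application entry under the Uninstall key in the 64-bit, 32-bit
# (WOW6432Node) and per-user hives; group 1 is the entry (product GUID or name).
# Opening the parent Uninstall key itself does not match, only its subkeys do.
UNINSTALL_ENTRY = re.compile(
    r"^HK(?:LM|CU|U\\[^\\]+)\\SOFTWARE\\(?:WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Process images that routinely read Uninstall entries (assumed allowlist; tune per estate).
EXPECTED_READERS = {"msiexec.exe", "explorer.exe", "systemsettings.exe"}

# ProcMon operation names that correspond to reading a key or value.
READ_OPS = {"RegOpenKey", "RegQueryKey", "RegQueryValue", "RegEnumKey"}


def entry_name(path):
    """Return the Uninstall entry name referenced by a registry path, or None."""
    m = UNINSTALL_ENTRY.match(path)
    return m.group(1) if m else None


def find_enumerators(events, min_entries=5):
    """Return {(pid, process): sorted entry names} for every non-allowlisted
    process that read at least min_entries distinct Uninstall entries."""
    seen = defaultdict(set)
    for ev in events:
        if ev["operation"] not in READ_OPS:
            continue  # writes (RegSetValue etc.) are a different behaviour
        name = entry_name(ev["path"])
        if name is not None:
            seen[(ev["pid"], ev["process"])].add(name)
    return {
        key: sorted(names)
        for key, names in seen.items()
        if len(names) >= min_entries and key[1].lower() not in EXPECTED_READERS
    }


def _reads(pid, process, hive, names):
    """Build constructed events: open the Uninstall key, then query DisplayName per entry."""
    base = hive + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    events = [{"pid": pid, "process": process, "operation": "RegOpenKey", "path": base}]
    for n in names:
        events.append({"pid": pid, "process": process, "operation": "RegQueryValue",
                       "path": base + "\\" + n + r"\DisplayName"})
    return events


# Constructed product entries; not taken from the sandbox run.
PRODUCTS = ["{26A24AE4-039D-4CA4-87B4-2F83216020FF}", "7-Zip", "Google Chrome",
            "Notepad++", "VLC media player", "Mozilla Firefox 88.0 (x64 en-US)"]
SAMPLE = "8fd93c47968302f98aa456c0a52666f3.exe"

# Constructed trace: the sample sweeps HKLM and a per-user hive, explorer.exe
# does the same but is allowlisted, setup.exe reads two entries and writes one.
SAMPLE_EVENTS = (
    _reads(3120, SAMPLE, "HKLM", PRODUCTS)
    + _reads(3120, SAMPLE, r"HKU\S-1-5-21-1004336348-1177238915-682003330-1000", ["Discord"])
    + _reads(1388, "explorer.exe", "HKLM", PRODUCTS)
    + _reads(4410, "setup.exe", "HKLM", PRODUCTS[:2])
    + [{"pid": 4410, "process": "setup.exe", "operation": "RegSetValue",
        "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyApp\DisplayName"}]
)

if __name__ == "__main__":
    for (pid, proc), names in find_enumerators(SAMPLE_EVENTS).items():
        print(f"[!] pid {pid} {proc} enumerated {len(names)} Uninstall entries: {', '.join(names)}")
```

Two caveats for anyone turning this into a production rule. Installers, inventory agents and Windows itself read these keys constantly, so alert on the count of distinct entries per process plus an allowlist, not on any single read. And Sysmon's registry events (12, 13, 14) record key creation, deletion, renames and value writes, not reads, so the read events this detector consumes have to come from a sandbox trace such as ProcMon, from object-access auditing with a SACL on the Uninstall key (Security event 4663), or from EDR telemetry.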