General

Target: 896b153f7fb9a9ca0e22fe2b247e7bef.exe
Size: 648KB
Sample: 210507-t68153npvj
MD5: 896b153f7fb9a9ca0e22fe2b247e7bef
SHA1: a0213f7c4be7a0bc4900c57b051474846c25af9f
SHA256: d09737ef7156e053f8e4e70619f673aba108b11f0119ba6dd5fde154edc53718
SHA512: 4de6b400b682b8e24f8a66c6c216bb536b18bbdeaeb65fe7b8c78eb5aa28d3e649d8daf53a63e1f9fe26ac5d0ff087230f9b9633516eb021586ad9a4ff794453

Static task: static1
Behavioral task: behavioral1
  Sample: 896b153f7fb9a9ca0e22fe2b247e7bef.exe
  Resource: win7v20210410

Malware Config

Extracted: vidar
38.7
399
https://HAL9THapi.faceit.comramilgame
profile_id: 399

Targets

Target: 896b153f7fb9a9ca0e22fe2b247e7bef.exe
Size: 648KB
MD5: 896b153f7fb9a9ca0e22fe2b247e7bef
SHA1: a0213f7c4be7a0bc4900c57b051474846c25af9f
SHA256: d09737ef7156e053f8e4e70619f673aba108b11f0119ba6dd5fde154edc53718
SHA512: 4de6b400b682b8e24f8a66c6c216bb536b18bbdeaeb65fe7b8c78eb5aa28d3e649d8daf53a63e1f9fe26ac5d0ff087230f9b9633516eb021586ad9a4ff794453

- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.