General

Target: 6888185dd5aa73d3b4c61ea8bd10b3c0604845e15092b393f086f803f1e1a504.exe
Size: 642KB
Sample: 210507-t9wgte46qs
MD5: 978537de8e773549b874bdd34a83b368
SHA1: be4846ae16dbb13d8b9ccc8db8ffda37c60048b5
SHA256: 6888185dd5aa73d3b4c61ea8bd10b3c0604845e15092b393f086f803f1e1a504
SHA512: 1a9bbed8d7a2eeebd843aa6a95331857b0f0723a31dd25e5364eef2f5d81e04cc31fb28c4e0b35c9b0bbe4fa2b03b162b76c8cc3c8a2b702b463389e41281354
Static task: static1
Behavioral task: behavioral1
Sample: 6888185dd5aa73d3b4c61ea8bd10b3c0604845e15092b393f086f803f1e1a504.exe
Resource: win7v20210410
Malware Config

Extracted family: vidar
Version: 38.7
Botnet: 890
C2: https://HAL9THapi.faceit.comramilgame
profile_id: 890
Targets
Signatures:
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.