General

Target: d74c12e6619a1f5e11195a821bb41310.exe
Size: 640KB
Sample: 210507-vdcgy23qys
MD5: d74c12e6619a1f5e11195a821bb41310
SHA1: f3301b91851659505b10536f566443e6b5a29bb4
SHA256: 177b833837d5cf031a7cdce1c9ac93fe81b648e8f57092a6554ad10fabf78af1
SHA512: 06016b8094655e25630680b5558227cea566f68d2691a0d67e74f0e4d3d900ab0be3f182645153bf4932bbd5247cae995b7f58de304850bec2721a4eb5ca4188
Static task: static1
Behavioral task: behavioral1
  Sample: d74c12e6619a1f5e11195a821bb41310.exe
  Resource: win7v20210410
Malware Config

Extracted

Family: vidar
Version: 38.7
Profile: 890
C2 (verbatim, as reported by the extractor): https://HAL9THapi.faceit.comramilgame
profile_id: 890

The C2 string is reproduced exactly as the extractor reported it; treat it as an indicator to pivot on rather than as a resolvable URL until it has been checked against the sample's own strings.
Targets

Target: d74c12e6619a1f5e11195a821bb41310.exe
Size: 640KB
MD5: d74c12e6619a1f5e11195a821bb41310
SHA1: f3301b91851659505b10536f566443e6b5a29bb4
SHA256: 177b833837d5cf031a7cdce1c9ac93fe81b648e8f57092a6554ad10fabf78af1
SHA512: 06016b8094655e25630680b5558227cea566f68d2691a0d67e74f0e4d3d900ab0be3f182645153bf4932bbd5247cae995b7f58de304850bec2721a4eb5ca4188
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
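The last signature above (reading the registry Uninstall keys to enumerate installed software, MITRE ATT&CK T1518 Software Discovery) is a behaviour a SOC can also detect outside a sandbox from registry telemetry. The following is an added example, not part of the sandbox report and not Vidar's own code: it runs over a Procmon-style CSV export and flags any process that reads several distinct Uninstall entries. The CSV rows are constructed for the example (the process name is the sample's filename from this report; the PIDs, timestamps and entry names are invented), the column names follow Procmon's default export, and the three-entry threshold is an assumed tuning value.

```python
"""
Detection logic for the "Checks installed software" behaviour flagged above:
find processes that walk the registry Uninstall keys, as a stealer does when
it fingerprints a host. Input is a Procmon-style CSV export; the rows below
are constructed for this example, not taken from the sandbox run.
"""
import csv
import io
import re
from collections import defaultdict

# Uninstall keys exist in the native and WOW6432Node views under HKLM and HKCU.
# Group 3 captures the per-application subkey name (e.g. "7-Zip").
UNINSTALL_KEY_RE = re.compile(
    r"^(HKLM|HKCU|HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\"
    r"SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Procmon operations that read key names or values (writes are not enumeration).
READ_OPS = {"RegOpenKey", "RegEnumKey", "RegQueryKey", "RegQueryValue"}


def uninstall_subkey(path):
    """Return the Uninstall entry name a registry path belongs to, or None."""
    m = UNINSTALL_KEY_RE.match(path)
    return m.group(3) if m else None


def find_software_enumeration(csv_text, min_subkeys=3):
    """
    Map each process to the distinct Uninstall entries it read, keeping only
    processes that touched at least `min_subkeys` entries. One entry is normal
    (an installer checking its own key); walking many is enumeration.
    The threshold of 3 is an assumed tuning value, not a documented constant.
    """
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in READ_OPS:
            continue
        entry = uninstall_subkey(row["Path"])
        if entry:
            seen[row["Process Name"]].add(entry)
    return {proc: sorted(entries) for proc, entries in seen.items()
            if len(entries) >= min_subkeys}


# Constructed Procmon CSV (column names follow Procmon's default export;
# PIDs, timestamps and the installed products are invented for the example).
SAMPLE_PROCMON_CSV = "\n".join([
    r'"Time of Day","Process Name","PID","Operation","Path","Result"',
    r'"12:00:01.001","d74c12e6619a1f5e11195a821bb41310.exe","1234","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS"',
    r'"12:00:01.002","d74c12e6619a1f5e11195a821bb41310.exe","1234","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip","SUCCESS"',
    r'"12:00:01.003","d74c12e6619a1f5e11195a821bb41310.exe","1234","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS"',
    r'"12:00:01.004","d74c12e6619a1f5e11195a821bb41310.exe","1234","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome","SUCCESS"',
    r'"12:00:01.005","d74c12e6619a1f5e11195a821bb41310.exe","1234","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayVersion","SUCCESS"',
    r'"12:00:01.006","d74c12e6619a1f5e11195a821bb41310.exe","1234","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName","SUCCESS"',
    r'"12:00:01.007","d74c12e6619a1f5e11195a821bb41310.exe","1234","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive","SUCCESS"',
    r'"12:00:02.001","explorer.exe","812","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayIcon","SUCCESS"',
    r'"12:00:02.002","svchost.exe","640","RegSetValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\InstallDate","SUCCESS"',
])

if __name__ == "__main__":
    for proc, entries in find_software_enumeration(SAMPLE_PROCMON_CSV).items():
        print(f"{proc}: read {len(entries)} Uninstall entries: {', '.join(entries)}")
```

On the constructed input only the sample's process crosses the threshold; explorer.exe touches a single entry and svchost.exe only writes, so neither is reported. The same matcher applies to Sysmon registry events (Event ID 12/13 TargetObject) once the path is normalised to the HKLM/HKCU prefix form used here.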