General

Target: 3f477f9a8d127a24aea48734ad4560ec.exe
Size: 642KB
Sample: 210507-ww6vfgkqhe
MD5: 3f477f9a8d127a24aea48734ad4560ec
SHA1: 5134988fda8928555e2c46d5284ca4f090eb76e0
SHA256: bd0d898b25671c9d8c1c62950f9a3a570f39305ad28b45865f4cc419bbe3c83b
SHA512: 496dfff9ab51d8b88fc9d1238f494f9e6792fb3d225fcb2368e264b1a6f8fe68fd0027a0fb67713c735bda6c453941b21e7be5ca117730170e1b26c888f53a31
Static task: static1
Behavioral task: behavioral1
Sample: 3f477f9a8d127a24aea48734ad4560ec.exe
Resource: win7v20210408
Malware Config

Extracted
Family: vidar
Version: 38.7
Botnet: 890
C2: https://HAL9THapi.faceit.comramilgame
Attributes:
profile_id: 890
Targets

Target: 3f477f9a8d127a24aea48734ad4560ec.exe (size and hashes as listed under General)
Signatures:
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
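The signature list above is the sandbox's verdict; the following is an added example (not part of the report and not the sandbox's own detection code) showing how those same behaviours can be scored from endpoint telemetry. The event records are constructed by hand for this example with generic field names, not a real EDR or Sysmon schema; the wallet directory names, the dropped-DLL path, and the self-deletion heuristic (a spawned shell whose command line deletes the parent's own image) are assumptions, not data from the report.

```python
"""Score endpoint telemetry against the behaviours listed in the report.

Added example, not part of the sandbox report. The event records below are
constructed by hand for this example (field names are generic, not a real
EDR or Sysmon schema); the wallet directory names and the detection
heuristics are assumptions, not data from the report.
"""
import re
from collections import defaultdict

# Registry key the report says the sample enumerates to list installed software
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Wallet data directories (assumed list for this example)
WALLET_DIRS = re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin|Monero|Armory|Jaxx)\\", re.I)
# "del <file.exe>" inside a command line; used to spot a spawned shell deleting its parent
DEL_CMD = re.compile(r"\b(?:del|erase)\b\s+(?:/\w+\s+)*\"?(?P<target>[^\"]+\.exe)\"?", re.I)


def classify(events):
    """Map each process image to the set of report signatures it triggers.

    Event dict keys: type, image (acting process), target (key/path/command line),
    optional parent (for process_create) and head (first bytes of a written file).
    """
    hits = defaultdict(set)
    connected = set()              # images that made an outbound connection
    written = defaultdict(set)     # image -> lower-cased paths it wrote
    for ev in events:
        kind, image, target = ev["type"], ev["image"], ev["target"]
        if kind == "network_connect":
            connected.add(image)
        elif kind == "file_write":
            written[image].add(target.lower())
            # A PE written after the same process talked to the network
            if image in connected and ev.get("head", b"").startswith(b"MZ"):
                hits[image].add("Downloads MZ/PE file")
        elif kind == "image_load" and target.lower() in written.get(image, ()):
            hits[image].add("Loads dropped DLL")
        elif kind == "registry_query" and UNINSTALL_KEY.search(target):
            hits[image].add("Checks installed software on the system")
        elif kind == "file_access" and WALLET_DIRS.search(target):
            hits[image].add("Accesses cryptocurrency files/wallets")
        elif kind == "process_create":
            m = DEL_CMD.search(target)
            parent = ev.get("parent", "")
            # Attribute the deletion to the parent whose own image is the del target
            if m and parent and m.group("target").lower() == parent.lower():
                hits[parent].add("Deletes itself")
    return dict(hits)


SAMPLE = r"C:\Users\victim\Desktop\3f477f9a8d127a24aea48734ad4560ec.exe"

# Constructed event stream: one benign process plus the sample's activity
EVENTS = [
    {"type": "network_connect", "image": SAMPLE, "target": "203.0.113.10:443"},
    {"type": "file_write", "image": SAMPLE, "target": r"C:\ProgramData\helper.dll",
     "head": b"MZ\x90\x00"},
    {"type": "image_load", "image": SAMPLE, "target": r"C:\ProgramData\helper.dll"},
    {"type": "registry_query", "image": SAMPLE,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "file_access", "image": SAMPLE,
     "target": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "file_access", "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\victim\Documents\notes.txt"},
    {"type": "process_create", "image": r"C:\Windows\System32\cmd.exe", "parent": SAMPLE,
     "target": 'cmd.exe /c timeout /t 3 & del "' + SAMPLE + '"'},
]

if __name__ == "__main__":
    for image, sigs in classify(EVENTS).items():
        print(image)
        for sig in sorted(sigs):
            print("  -", sig)
```

Running the block prints the sample path followed by the five signatures it triggers, and nothing for explorer.exe. The self-deletion check is deliberately attributed to the parent rather than to cmd.exe, since the shell is only the vehicle; in a real pipeline you would key on a process GUID instead of the image path so that two instances of the same binary are not merged.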