General

Target: 0a8797ab2a2c3aa1b698486ae302380a.exe
Size: 642KB
Sample: 210507-y3bksqdfhn
MD5: 0a8797ab2a2c3aa1b698486ae302380a
SHA1: 4a9ce9901641844c93ba791fa9d9904c8c90e6c7
SHA256: c9290f20825f7e116761d98cf226bde2021a702c2596bdff892df39f16bfafbc
SHA512: 9dfe6d54278ffdc3e94b732869005b1950fc907a31e614a07403fb2bb386e72956483447483f0233ad9bdb8b741567c57b8563cd77f1f150adc7ca2e88ce2449
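To check a file on disk against the digests listed above, the following script (an added example, not part of the sandbox report) hashes the file once with all four algorithms and requires every published value to match. Treating an MD5-only match as sufficient is a mistake, since MD5 collisions are cheap to construct; the SHA256 and SHA512 values are what actually identify the sample. The file path is an assumed command-line argument.

```python
"""Verify a file against the digests published in the sandbox report.

Added example, not part of the original report. The digests below are
copied from the page; the file path is an assumed command-line argument.
"""
import hashlib
import sys

# Digests copied from the report for 0a8797ab2a2c3aa1b698486ae302380a.exe.
REPORT_HASHES = {
    "md5": "0a8797ab2a2c3aa1b698486ae302380a",
    "sha1": "4a9ce9901641844c93ba791fa9d9904c8c90e6c7",
    "sha256": "c9290f20825f7e116761d98cf226bde2021a702c2596bdff892df39f16bfafbc",
    "sha512": "9dfe6d54278ffdc3e94b732869005b1950fc907a31e614a07403fb2bb386e729"
              "56483447483f0233ad9bdb8b741567c57b8563cd77f1f150adc7ca2e88ce2449",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(chunks):
    """Feed an iterable of byte chunks through all four hashers in one pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    """Digest an in-memory buffer (handy for tests and small samples)."""
    return digest_stream([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in chunks so large samples are not read fully into memory."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return digest_stream(chunks())


def compare_to_report(digests: dict, report: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: matched?} for every algorithm present in the report.

    Hex case is normalised because reports and tools differ in how they print it.
    """
    return {
        name: digests[name].lower() == report[name].lower()
        for name in report
        if name in digests
    }


def is_reported_sample(digests: dict, report: dict = REPORT_HASHES) -> bool:
    """True only if every published digest matches (an empty report never matches)."""
    results = compare_to_report(digests, report)
    return bool(results) and all(results.values())


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: verify_sample.py <path-to-file>")
    d = digest_file(sys.argv[1])
    for name, ok in compare_to_report(d).items():
        print(f"{name:7s} {d[name]}  {'MATCH' if ok else 'MISMATCH'}")
    print("sample matches report" if is_reported_sample(d)
          else "sample does NOT match report")
```

Run it as `python verify_sample.py <file>`; a file that matches only some of the digests is reported as a mismatch by design.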
Tasks

Static task: static1
Behavioral task: behavioral1
Sample: 0a8797ab2a2c3aa1b698486ae302380a.exe
Resource: win7v20210410
Malware Config

Extracted family: vidar
Version: 38.7
Profile ID: 890
C2 (as extracted): https://HAL9THapi.faceit.comramilgame

The C2 field is shown exactly as the extractor emitted it. It appears to run several config strings together (HAL9TH, api.faceit.com, ramilgame) into one token, so it should not be treated as a resolvable URL; the profile ID 890 is the value the extractor reports separately.
Targets

Target: 0a8797ab2a2c3aa1b698486ae302380a.exe
Size: 642KB
MD5, SHA1, SHA256, SHA512: as listed under General above
Signatures

Vidar Stealer
Downloads MZ/PE file
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
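Three of the behaviours above (loads dropped DLL, deletes itself, enumerates the Uninstall key) can be checked from endpoint telemetry. The script below is an added example, not part of the report: it runs simple detection rules over a hand-constructed trace shaped like Sysmon process-create (ID 1), image-load (ID 7) and file-create (ID 11) records plus a Windows Security 4663 registry object-access record. Only the sample name and the Uninstall key path come from the page; the PIDs, file paths, the dropped DLL name and the exact delete command line are assumptions. Note that 4663 registry reads are only logged when a SACL has been set on the key, which is why the Uninstall-key rule will never fire on a default install.

```python
"""Behaviour checks over a constructed Sysmon / Windows-audit event trace.

Added example, not part of the original report. Events are constructed by
hand; paths, PIDs, the DLL name and the command line are assumptions.
"""
import re

SAMPLE = r"C:\Users\user\Desktop\0a8797ab2a2c3aa1b698486ae302380a.exe"
DROPPED_DLL = r"C:\ProgramData\dropped.dll"  # assumed name for illustration
UNINSTALL_KEY = r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

# Constructed trace: the sample starts, writes a DLL, loads it, reads an
# Uninstall subkey, then spawns cmd.exe to delete its own image.
EVENTS = [
    {"EventID": 1, "ProcessId": 1000, "Image": SAMPLE,
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": SAMPLE},
    {"EventID": 11, "ProcessId": 1000, "Image": SAMPLE, "TargetFilename": DROPPED_DLL},
    {"EventID": 7, "ProcessId": 1000, "Image": SAMPLE, "ImageLoaded": DROPPED_DLL,
     "Signed": "false"},
    {"EventID": 7, "ProcessId": 1000, "Image": SAMPLE,
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"EventID": 4663, "ProcessId": 1000, "ProcessName": SAMPLE, "ObjectType": "Key",
     "ObjectName": UNINSTALL_KEY + r"\ExampleApp"},
    {"EventID": 1, "ProcessId": 1001, "ParentProcessId": 1000,
     "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": SAMPLE,
     "CommandLine": f'cmd.exe /c timeout /t 5 & del /f /q "{SAMPLE}"'},
]


def _norm(path: str) -> str:
    """Windows paths are case-insensitive; compare them lower-cased."""
    return path.lower()


def dropped_dll_loads(events):
    """Image loads (ID 7) of a file that was created earlier in the trace (ID 11)."""
    created = set()
    hits = []
    for ev in events:
        if ev["EventID"] == 11:
            created.add(_norm(ev["TargetFilename"]))
        elif ev["EventID"] == 7 and _norm(ev["ImageLoaded"]) in created:
            hits.append((ev["ProcessId"], ev["ImageLoaded"]))
    return hits


# 'del' or 'erase' as a separate command token (start of line or after a
# command separator), so paths that merely contain "del" are not matched.
DEL_RE = re.compile(r"(^|[\s&|;])(del|erase)\s", re.IGNORECASE)


def self_deletes(events):
    """Child process (ID 1) whose command line deletes its parent's own image."""
    hits = []
    for ev in events:
        if ev["EventID"] != 1 or "ParentImage" not in ev:
            continue
        cmd = ev.get("CommandLine", "")
        if DEL_RE.search(cmd) and _norm(ev["ParentImage"]) in _norm(cmd):
            hits.append((ev["ProcessId"], ev["ParentImage"]))
    return hits


def uninstall_key_reads(events):
    """4663 registry accesses under the Uninstall key (needs a SACL on that key)."""
    prefix = _norm(UNINSTALL_KEY)
    return [(ev["ProcessName"], ev["ObjectName"]) for ev in events
            if ev["EventID"] == 4663 and ev.get("ObjectType") == "Key"
            and _norm(ev["ObjectName"]).startswith(prefix)]


def summarize(events) -> dict:
    """Map each report behaviour to whether the trace shows evidence of it."""
    return {
        "loads_dropped_dll": bool(dropped_dll_loads(events)),
        "deletes_itself": bool(self_deletes(events)),
        "checks_installed_software": bool(uninstall_key_reads(events)),
    }


if __name__ == "__main__":
    for behaviour, seen in summarize(EVENTS).items():
        print(f"{behaviour:28s} {'yes' if seen else 'no'}")
```

The dropped-DLL rule keys on file creation followed by an image load of the same path rather than on the "Signed" field alone, since unsigned loads from user-writable directories are common in legitimate software; the self-delete rule needs both a delete verb and the parent's own path in the child's command line, which keeps ordinary cleanup scripts out of the results.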