General
Target: bbffc3df8804d72ec64bf851e316b233.exe
Size: 681KB
Sample: 210508-ahaydmwe62
MD5: bbffc3df8804d72ec64bf851e316b233
SHA1: 45dcfb6bcb80179a6d4324f2c574da9320943c99
SHA256: e9a341bafeaba15c7e73a7ebb64f2c6463f23f6fbb83417943b4429ef00ab00e
SHA512: 85484e2a447d5862efda0e8ad4d3d865959769259b3b41bc61af1d52d48a37b2ab40284b6af7a27b3a626af9c999e3962a46f84fa214a65a3c19823a7a6b06dd
Static task: static1
Behavioral task: behavioral1
Sample: bbffc3df8804d72ec64bf851e316b233.exe
Resource: win7v20210410
Malware Config
Extracted: vidar
38.7
890
https://HAL9THapi.faceit.comramilgame
profile_id: 890
Targets
Target: bbffc3df8804d72ec64bf851e316b233.exe (681KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
- Suspicious use of NtCreateProcessExOtherParentProcess
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.