General
- Target: e2969c6b371439020ebcabcbe5d0124e.exe
- Size: 681KB
- Sample: 210508-rjfgcjyacs
- MD5: e2969c6b371439020ebcabcbe5d0124e
- SHA1: 0672999707beb9b98478d1434169118d06a97701
- SHA256: 57dff4d4cb63afb347c9e87ae2009047e4f4afe8059418cace04bd4d9c693ad6
- SHA512: b3276166cb71c126417620e2a94d4e54515478cc122abf33b1804e6bb62a5871b29afde43c114010d16564726a67fa8c17d5dc22698ced2c4cc3f371cf122c8e
Static task: static1
Behavioral task: behavioral1
- Sample: e2969c6b371439020ebcabcbe5d0124e.exe
- Resource: win7v20210410
Malware Config
Extracted:
- vidar
- 38.7
- 890
- https://HAL9THapi.faceit.comramilgame
- profile_id: 890
Targets
- Target: e2969c6b371439020ebcabcbe5d0124e.exe
Signatures:
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.