General
- Target: run2.exe
- Size: 645KB
- Sample: 210630-ah6vs3hgwe
- MD5: d458cd709802e78507954c1883a1eb84
- SHA1: 530bed480e6c7c8524ebb8b379487b7803f88368
- SHA256: e9ee30f4b841d881579b8843ff099918bb591cf0a09f2d2c1ecd788bb7ee38bd
- SHA512: 14a72536de48b44beb40ecc91f84eebfb0b68a2eac8982a9802a44b279de249b29763caaae740fe635a8743016538a8156fd639580ed99774afe5137b6a9cfd7
Static task
- static1

Behavioral task
- behavioral1
- Sample: run2.exe
- Resource: win7v20210408
Malware Config
Extracted
- Family: vidar
- Version: 39.4
- Botnet: 890
- C2: https://sergeevih43.tumblr.com
- Attributes: profile_id 890
Targets
- Target: run2.exe
- Size: 645KB
- MD5: d458cd709802e78507954c1883a1eb84
- SHA1: 530bed480e6c7c8524ebb8b379487b7803f88368
- SHA256: e9ee30f4b841d881579b8843ff099918bb591cf0a09f2d2c1ecd788bb7ee38bd
- SHA512: 14a72536de48b44beb40ecc91f84eebfb0b68a2eac8982a9802a44b279de249b29763caaae740fe635a8743016538a8156fd639580ed99774afe5137b6a9cfd7

Signatures
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.