General
Target: news.exe
Size: 846KB
Sample: 210630-bl4wsxc27a
MD5: d91bc8da2d1a86964430d08128cb0387
SHA1: 788516914feabc1f7e5b14cc4b138167ae5e84e4
SHA256: d5872f6fcbcbcaf395e7986543e55b68bdd08b56d082f979bfd0a51998a795e3
SHA512: 1ff1451b624fa2919c434cf66284cffaad0f137d6a618b7cdcb91746817104cc2d162a83f879641181dcbf3a472d823507764b8eadaedf4f393a592b7c302e03
Static task: static1
Behavioral task: behavioral1
Sample: news.exe
Resource: win7v20210408
Malware Config
Extracted
vidar
39.4
890
https://sergeevih43.tumblr.com
profile_id: 890
Targets
Target: news.exe
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext