General
Target: e18e27680c53d972d62cccc2bb9c467e
Size: 486KB
Sample: 210715-fdetsxg7x6
MD5: e18e27680c53d972d62cccc2bb9c467e
SHA1: f9f5eba70dcce6e4df182d2d2b160de61350c894
SHA256: 419c0ec8639bbed490688e2811ddd0cd193da81096ad07724b7afb1e51de351b
SHA512: 6443416175d8182c1d996b040749693a37f1d7e2d87b73475736aa1f0492eae47f7aca6c8df29b5b737ed8cc8a282d3e89a04f1355593a8ce101466c38baed9e
Static task: static1
Behavioral task: behavioral1
Sample: e18e27680c53d972d62cccc2bb9c467e.exe
Resource: win7v20210410

Malware Config
Extracted:
- vidar
- 39.6
- 903
- https://sslamlssa1.tumblr.com/
- profile_id: 903
Targets
Target: e18e27680c53d972d62cccc2bb9c467e
Size: 486KB
MD5: e18e27680c53d972d62cccc2bb9c467e
SHA1: f9f5eba70dcce6e4df182d2d2b160de61350c894
SHA256: 419c0ec8639bbed490688e2811ddd0cd193da81096ad07724b7afb1e51de351b
SHA512: 6443416175d8182c1d996b040749693a37f1d7e2d87b73475736aa1f0492eae47f7aca6c8df29b5b737ed8cc8a282d3e89a04f1355593a8ce101466c38baed9e

- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext