General
Target: 9fdc22cfd95d8a88d85f3b72791790b4.exe
Size: 486KB
Sample: 210716-rej9mv5cnn
MD5: 9fdc22cfd95d8a88d85f3b72791790b4
SHA1: 112438f083f73a42aee4390279749c4da4ecc93f
SHA256: 4b1bb5b4ec520f876013a1607c28097c02c7e93d6a1e908af320d633d3d0a76b
SHA512: 85e510194b00af152d60796a241ef4b10cf0c948c3a95c957cc2d2836e20d6426fa3f33ba5275fdb9b96df4e36b9d89ae14d9884d68c97881cbbed0176bc3317
Static task: static1
Behavioral task: behavioral1
Sample: 9fdc22cfd95d8a88d85f3b72791790b4.exe
Resource: win7v20210408
Malware Config
Extracted: vidar
  39.6
  903
  https://sslamlssa1.tumblr.com/
  profile_id: 903
Targets
Target: 9fdc22cfd95d8a88d85f3b72791790b4.exe
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext