General
Target: 38e2a94d654c66cfc127006e66cbb5f05567d9f6481c0bbefab2d06d39233924
Size: 718KB
Sample: 210722-6k8jn85jxs
MD5: 22332da14aeade590a409b8905bcff2b
SHA1: b3c58bfe72452ae9d2d7ac501d2f4fab01a5c6d1
SHA256: 38e2a94d654c66cfc127006e66cbb5f05567d9f6481c0bbefab2d06d39233924
SHA512: c3f012ab92409a537936769c5e151d8b9b90c1c546577fd2e4dcae410caa0f481073b5dccd72e6af8eb70b6ef051e30b6e2e8c019baca7b14aa14348cf08f929
Static task: static1
Malware Config
Extracted
Family: vidar
Version: 39.6
Botnet: 517
C2: https://sslamlssa1.tumblr.com/
Attributes
profile_id: 517
Note: the extracted C2 is a profile page on a legitimate hosting service. Vidar-family stealers retrieve the address of their real command-and-control server from such a page, so treat the URL as a stage-1 indicator and do not block the hosting domain wholesale; the botnet/profile_id value identifies the operator's build.
Targets
Target: 38e2a94d654c66cfc127006e66cbb5f05567d9f6481c0bbefab2d06d39233924
Size: 718KB
MD5: 22332da14aeade590a409b8905bcff2b
SHA1: b3c58bfe72452ae9d2d7ac501d2f4fab01a5c6d1
SHA256: 38e2a94d654c66cfc127006e66cbb5f05567d9f6481c0bbefab2d06d39233924
SHA512: c3f012ab92409a537936769c5e151d8b9b90c1c546577fd2e4dcae410caa0f481073b5dccd72e6af8eb70b6ef051e30b6e2e8c019baca7b14aa14348cf08f929
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext (used to redirect execution inside another process or a suspended child, a common building block of process injection)
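The behaviours listed above are the kind of telemetry an endpoint team can hunt for after reading this report. The following is an added example, not part of the sandbox report and not the sandbox's own detection logic: it runs a small rule set over constructed, Sysmon-style events (event ids 1, 7, 11, 13, 22) plus Windows object-access audit events (4663-style), with a simplified dictionary schema and invented paths, PIDs and hostnames. The IP-echo hostnames and wallet directory names are an assumed watchlist, not indicators taken from this sample.

```python
"""Triage constructed endpoint telemetry against the behaviours the report lists.

Added example, not from the sandbox report. The event schema is a deliberate
simplification (assumed, not any product's export format):
  {"id": <Sysmon-style event id>, "pid": ..., plus one payload field}
Caveat: Sysmon records registry/file *writes* but not *reads*; the
"Uninstall key" and "wallet file" checks therefore rely on 4663-style
object-access audit events, which only exist if SACL auditing is enabled.
"""
import re
from collections import defaultdict

# Persistence: values written under the per-user or machine Run/RunOnce keys.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Discovery: reads of the Uninstall key, the classic "installed software" enumeration.
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
# Locations a dropper typically writes a second-stage PE to.
USER_WRITABLE = re.compile(r"\\(AppData\\Local\\Temp|AppData\\Roaming|ProgramData|Users\\Public)\\", re.I)
# Assumed watchlist of wallet data directories (illustrative, not from this sample).
WALLET_PATH = re.compile(r"\\(Electrum|Exodus|Ethereum\\keystore|Bitcoin\\wallets)\\", re.I)
# Assumed watchlist of public IP-echo services; extend it from your own DNS baseline.
IP_ECHO_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ip-api.com"}


def triage(events):
    """Return {behaviour name: [event index, ...]} for every behaviour observed.

    Dropped-PE tracking is stateful: a file-create (11) of an .exe/.dll in a
    user-writable directory is remembered, and a later process-create (1) or
    image-load (7) of that exact path is reported as executing/loading it.
    """
    hits = defaultdict(list)
    dropped = {}  # lower-cased path -> index of the file-create event
    for i, ev in enumerate(events):
        kind = ev["id"]
        if kind == 11 and ev["target"].lower().endswith((".exe", ".dll")) \
                and USER_WRITABLE.search(ev["target"]):
            dropped[ev["target"].lower()] = i
        elif kind == 1 and ev["image"].lower() in dropped:
            hits["Executes dropped EXE"].append(i)
        elif kind == 7 and ev["image_loaded"].lower() in dropped:
            hits["Loads dropped DLL"].append(i)
        elif kind == 13 and RUN_KEY.search(ev["target"]):
            hits["Adds Run key to start application"].append(i)
        elif kind == 22 and ev["query"].lower() in IP_ECHO_HOSTS:
            hits["Looks up external IP address via web service"].append(i)
        elif kind == 4663 and UNINSTALL_KEY.search(ev["object"]):
            hits["Checks installed software on the system"].append(i)
        elif kind == 4663 and WALLET_PATH.search(ev["object"]):
            hits["Accesses cryptocurrency files/wallets"].append(i)
    return dict(hits)


# Constructed sample telemetry (not captured from the sandbox run): the
# dropper name, second-stage paths, PIDs and SID are invented.
SAMPLE_EVENTS = [
    {"id": 1, "pid": 4120, "image": r"C:\Users\victim\Downloads\invoice.exe"},
    {"id": 11, "pid": 4120, "target": r"C:\Users\victim\AppData\Local\Temp\upd.exe"},
    {"id": 11, "pid": 4120, "target": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"id": 1, "pid": 4310, "image": r"C:\Users\victim\AppData\Local\Temp\upd.exe"},
    {"id": 7, "pid": 4310, "image_loaded": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"id": 13, "pid": 4310, "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\upd"},
    {"id": 22, "pid": 4310, "query": "api.ipify.org"},
    {"id": 4663, "pid": 4310, "object": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"id": 4663, "pid": 4310, "object": r"C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"id": 22, "pid": 1234, "query": "www.microsoft.com"},  # benign noise, must not match
]

if __name__ == "__main__":
    for name, idx in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{name}: events {idx}")
```

The rules are intentionally narrow (exact-path matching for dropped PEs, a fixed host watchlist) so they stay low-noise; in a real hunt, join on process ancestry rather than PID alone, and expect the Uninstall-key and wallet-file checks to return nothing until read auditing is switched on.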