General
- Target: 3bbb6c82905bba79aafc0d673922c961384eaea1e7187d7a553535c69dcfb40d
- Size: 770KB
- Sample: 210722-7yy8jmft5e
- MD5: d15b6c7634375697fefd3d1d125af075
- SHA1: 384eb0ca1f3d46575915e0fcf9bc62faee909ff8
- SHA256: 3bbb6c82905bba79aafc0d673922c961384eaea1e7187d7a553535c69dcfb40d
- SHA512: b10eb38acae20126c379d797c31b79696d1bbd9e05fa33bdc4eefd09aa222bc77f1e612f108cc8cde1ce1f17d9fc22e9e63c9296f9345cdf848265631c47f9f2
Static task
static1
Malware Config
Extracted: vidar
- 39.6
- 517
- https://sslamlssa1.tumblr.com/
- profile_id: 517
Targets
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext