General
- Target: c3b0392db5c6aeb0da15225f53ae99ca53ee444ffec1b9867172a8adbbf55fa1
- Size: 718KB
- Sample: 210722-9sjbxwtwms
- MD5: 4d5ccfbfd790a3391bc9e98197294bae
- SHA1: fce49db56da4cda58091df4c562e5c77c46d19d6
- SHA256: c3b0392db5c6aeb0da15225f53ae99ca53ee444ffec1b9867172a8adbbf55fa1
- SHA512: 9f9e97c6be675e549fa51e7a113e874e5b7e3abc7ae8be545e5ec47b71eb4a64905ec57a44a2f02530f38f084312be966836704b99d405bb0236226d01848743

Static task
- static1

Malware Config
Extracted
- vidar
- 39.6
- 517
- https://sslamlssa1.tumblr.com/
- profile_id: 517
Targets
- Target: c3b0392db5c6aeb0da15225f53ae99ca53ee444ffec1b9867172a8adbbf55fa1 (718KB)
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext