General
Target: 53660ddc9a468660788a2b064b62a56c
Size: 506KB
Sample: 210722-sj5t1mx2ke
MD5: 53660ddc9a468660788a2b064b62a56c
SHA1: 25b7fb1e8325e331bd359a11d2b063f0b1408cd2
SHA256: c272907c7c9d138993e44dd4e837cd6ac26ce14378acc962a3c4acda14726d42
SHA512: c8bd67c27f4279d00f1e7d0d4cf87b3fe90d85696eab0068ce4208a4e20f4496b287a6099b1dc64a28875fd6e0ddb473aeb936b0e12192ab8f31be3a8777465a

Static task: static1
Behavioral task: behavioral1
Sample: 53660ddc9a468660788a2b064b62a56c.exe
Resource: win7v20210410

Malware Config
Extracted: vidar
39.7
921
https://shpak125.tumblr.com/
profile_id: 921
Targets
Target: 53660ddc9a468660788a2b064b62a56c (506KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext