General
Target: eufive_20210821-175653(1)
Size: 606KB
Sample: 210821-r4qbexrj7j
MD5: 86b31adc12f4b3279e5099e6c1169967
SHA1: 3323e67f75243781e68645f638fd70bc74f26491
SHA256: ed2483bd5eecc185be7bce77dfaea0f2d7e4e525903d318786d502ece18ba83f
SHA512: 507dc7b23072f9f9dd67566e8ee40ea587f5c783f1ad659de175e55cab4215ad69eaf0287d45da4b374efd7afefd3c11b3f8afcc4797d851cfe3cf0092b33c37
Static task: static1
Behavioral task: behavioral1
Sample: eufive_20210821-175653(1).exe
Resource: win7v20210410
Malware Config
Extracted
Family: vidar
Version: 40.1
Botnet: 865
C2: https://eduarroma.tumblr.com/
Attributes: profile_id 865
Targets
Target: eufive_20210821-175653(1)
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.