General
Target: eufive_20210908-143610
Size: 600KB
Sample: 210909-kap1vafge9
MD5: 4e398dc1299faeb39df129c03bc50feb
SHA1: b2445ebc12af35e1047b2c2f3418255223a86ae6
SHA256: 11fd20185f63a585cd99c798d9364606cce6e753d3a0b3fce986a5a3a20b551c
SHA512: c09de4e03b98249ae0e68343b57653d8d3c003fa503b7fe94a70cd2a7fe5e29a5c10c10b88b3741d16e681bbb0d4c83b6c6d3afa95af6c3f7d1dbdc6021fbc66
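Before handling a copy of this sample it is worth confirming that the file on disk is the one the report describes. The following is an added Python example, not part of the report or of any sandbox tooling: it computes the four digests in a single pass over the file and lists which reported values do not match. The reported digests are copied from the General section; the command-line path and the empty-input check used below are assumptions for illustration.

```python
import hashlib
import io
import sys

# Digests reported for eufive_20210908-143610 (copied from the report above).
REPORTED_DIGESTS = {
    "md5": "4e398dc1299faeb39df129c03bc50feb",
    "sha1": "b2445ebc12af35e1047b2c2f3418255223a86ae6",
    "sha256": "11fd20185f63a585cd99c798d9364606cce6e753d3a0b3fce986a5a3a20b551c",
    "sha512": "c09de4e03b98249ae0e68343b57653d8d3c003fa503b7fe94a70cd2a7fe5e29a5c10c10b88b3741d16e681bbb0d4c83b6c6d3afa95af6c3f7d1dbdc6021fbc66",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(stream, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Compute several digests in one pass over a binary stream.

    Reading in chunks keeps memory flat for large dumps; a 600KB sample is
    trivial, but the same function is used for multi-GB memory images.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data, algorithms=ALGORITHMS):
    """Convenience wrapper for in-memory data (used by the check below)."""
    return digest_stream(io.BytesIO(data), algorithms)


def mismatches(actual, reported):
    """Return the sorted names of algorithms whose reported digest differs.

    Comparison is case-insensitive and ignores surrounding whitespace, since
    reports and feeds print hex inconsistently. An algorithm that was reported
    but not computed counts as a mismatch rather than being silently skipped.
    """
    return sorted(
        name for name, value in reported.items()
        if actual.get(name, "").lower() != value.strip().lower()
    )


def verify_file(path, reported=REPORTED_DIGESTS):
    """Hash the file at `path` and return (computed digests, mismatched names)."""
    with open(path, "rb") as f:
        actual = digest_stream(f, algorithms=tuple(reported))
    return actual, mismatches(actual, reported)


if __name__ == "__main__":
    # Usage (assumed): python verify_sample.py path/to/eufive_20210908-143610.exe
    computed, bad = verify_file(sys.argv[1])
    for name, value in computed.items():
        print(f"{name:7} {value}")
    if bad:
        print("MISMATCH:", ", ".join(bad))
        sys.exit(1)
    print("all reported digests match")
```

A non-zero exit on any mismatch makes the script usable as a gate in an ingestion pipeline; the SHA256 alone is enough to identify the file, but checking all four catches a transcription error in the report itself.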
Static task: static1
Behavioral task: behavioral1
Sample: eufive_20210908-143610.exe
Resource: win7-en
Malware Config
Extracted
Family: vidar
Version: 40.5
Botnet: 865
C2: https://gheorghip.tumblr.com/
Attributes: profile_id = 865
The C2 entry is a Tumblr profile page, not the final command-and-control server: Vidar reads its live C2 address from the content of such a social-media profile, so the URL is an indicator of the dead drop and the actual server has to be recovered from the network capture or the profile content at the time of analysis.
Targets
Target: eufive_20210908-143610 (600KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures (behavioral1)
- Suspicious use of NtCreateProcessExOtherParentProcess
  A process was created through NtCreateProcessEx with an explicit parent other than the calling process (parent-PID spoofing), so the parent/child lineage shown in process trees cannot be trusted for this sample.
- Vidar Stealer
  Family identification, consistent with the extracted configuration above.
- Downloads MZ/PE file
- Loads dropped DLL
  Vidar fetches the DLLs it depends on at runtime rather than carrying them in the binary, so these two signatures normally appear together for this family.
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
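The last signature describes a pattern that is easy to turn into detection logic: a single process sweeping many subkeys under the Uninstall hive path in a short period. The following is an added Python example, not part of the report or of the sandbox's own signature engine. The log lines are constructed for the example in a hypothetical pipe-separated format (timestamp|pid|image|operation|key); the PIDs, GUID subkey names and timestamps are made up, and the threshold and allow-list are tunable assumptions.

```python
import re
from collections import defaultdict

# Matches a subkey under the per-machine or per-user Uninstall path, including the
# WOW6432Node view used for 32-bit software on 64-bit Windows. Group 2 is the subkey.
UNINSTALL_SUBKEY_RE = re.compile(
    r"^(HKLM|HKCU|HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\SOFTWARE\\"
    r"(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Constructed registry-access log (hypothetical format: timestamp|pid|image|operation|key).
# Not events from the report: the sample process reads several Uninstall entries,
# explorer.exe touches one, and one unrelated key is present to show it is ignored.
SAMPLE_LOG = r"""
2021-09-09T14:36:10|1234|eufive_20210908-143610.exe|RegOpenKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
2021-09-09T14:36:10|1234|eufive_20210908-143610.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-0000-0000-0000-000000000001}\DisplayName
2021-09-09T14:36:10|1234|eufive_20210908-143610.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-0000-0000-0000-000000000001}\DisplayVersion
2021-09-09T14:36:10|1234|eufive_20210908-143610.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-0000-0000-0000-000000000002}\DisplayName
2021-09-09T14:36:10|1234|eufive_20210908-143610.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-0000-0000-0000-000000000003}\DisplayName
2021-09-09T14:36:11|1234|eufive_20210908-143610.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-0000-0000-0000-000000000004}\DisplayName
2021-09-09T14:36:11|1234|eufive_20210908-143610.exe|RegQueryValue|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-0000-0000-0000-000000000005}\DisplayName
2021-09-09T14:36:11|1234|eufive_20210908-143610.exe|RegQueryValue|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleUserApp\DisplayName
2021-09-09T14:36:12|800|explorer.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp\DisplayIcon
2021-09-09T14:36:12|1234|eufive_20210908-143610.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive
"""


def parse_line(line):
    """Split one log line into its five fields; return None for blank or malformed lines."""
    parts = line.strip().split("|", 4)
    if len(parts) != 5:
        return None
    ts, pid, image, op, key = parts
    return {"ts": ts, "pid": pid, "image": image, "op": op, "key": key}


def find_software_enumeration(lines, min_subkeys=5, allowed_images=()):
    """Flag processes that touch at least `min_subkeys` distinct Uninstall subkeys.

    Counting distinct subkeys (not raw events) is what separates an inventory sweep
    from an installer or Windows component reading its own entry several times.
    `allowed_images` is a case-insensitive allow-list for known inventory tools.
    """
    allowed = {name.lower() for name in allowed_images}
    subkeys_by_proc = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        m = UNINSTALL_SUBKEY_RE.match(rec["key"])
        if m is None or rec["image"].lower() in allowed:
            continue
        subkeys_by_proc[(rec["pid"], rec["image"])].add(m.group(2).lower())

    hits = []
    for (pid, image), subkeys in subkeys_by_proc.items():
        if len(subkeys) >= min_subkeys:
            hits.append({
                "pid": pid,
                "image": image,
                "distinct_subkeys": len(subkeys),
                "subkeys": sorted(subkeys),
            })
    hits.sort(key=lambda h: h["distinct_subkeys"], reverse=True)
    return hits


if __name__ == "__main__":
    for hit in find_software_enumeration(SAMPLE_LOG.splitlines()):
        print(f"pid {hit['pid']} {hit['image']}: {hit['distinct_subkeys']} Uninstall subkeys read")
```

In production the input would come from a registry event source such as Sysmon RegistryEvent records or an EDR's API trace rather than this constructed format, and the threshold should be set from a baseline of how many entries legitimate inventory agents on the estate read; the allow-list exists because those agents produce exactly this pattern.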