General
Target: fc9ff1351c41668d1e590c1a0cb471743e4e71d82e6011946cfe189c75980b00 (the target name is the sample's SHA256)
Size: 739KB
Sample (sandbox analysis ID): 210912-shd8bacdc7
MD5: e9374bbefcce30c811d2f0091f1886c3
SHA1: e3b52ed9c9ec4432a431b5a59733c10f5e036dc6
SHA256: fc9ff1351c41668d1e590c1a0cb471743e4e71d82e6011946cfe189c75980b00
SHA512: 1bc1976df0ad2c51b7ac68af36a7d7fe93a7cd1d15f3a581afb4eef70534a4edc2ed69a8af1e26eb0df9cf3cd684e6f03e9b9e8aa6ffb8b07a7b6fb0dbbd314c
Static task: static1
Malware Config
Extracted family: vidar
Version: 40.5
Botnet / profile ID: 824
C2 (dead-drop resolver): https://gheorghip.tumblr.com/
profile_id: 824
Caveat for responders: the Tumblr URL is not the command-and-control server itself. Vidar fetches a social-media profile page (Tumblr, Mastodon, Telegram and similar services have all been used) and parses the real C2 address out of the profile text, which the operator can change at any time. The URL is therefore a stable indicator for this build, but the actual C2 IP or hostname must be taken from the profile content or from the sample's network traffic, and blocking the resolver domain outright is rarely practical.
Targets
Target: fc9ff1351c41668d1e590c1a0cb471743e4e71d82e6011946cfe189c75980b00
Behaviour signatures
- Vidar Stealer: family signature, consistent with the vidar configuration extracted above.
- Downloads MZ/PE file: the sample retrieves an executable (MZ header) over the network during the run.
- Loads dropped DLL: a DLL written to disk during the run is subsequently loaded into a process. Together with the previous signature this matches the documented Vidar behaviour of downloading the Mozilla NSS and MSVC runtime libraries (nss3.dll, mozglue.dll, softokn3.dll, freebl3.dll, vcruntime140.dll, msvcp140.dll) it needs to decrypt Firefox credential stores; that is a family-level observation, not something this report lists explicitly.
- Accesses cryptocurrency files/wallets, possible credential harvesting: reads files or directories belonging to cryptocurrency wallet software.
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node view) to enumerate software installed on the system, a fingerprinting step that also feeds the stealer's victim profile.
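The last signature is a good candidate for host-based detection, because legitimate software rarely walks every product key under Uninstall in one burst. The following is an added example written for this page, not code from the sandbox or from the sample: it scans a Procmon-style CSV export (columns Process Name, PID, Operation, Path, Result are an assumption about the export format) and flags processes that either enumerate the Uninstall key itself or read at least a threshold number of distinct per-product subkeys. The log lines embedded below are constructed for illustration and were not captured from this sample.

```python
import csv
import io
import re
from collections import defaultdict

# Matches the Uninstall hive in HKLM/HKCU, native and WOW6432Node views.
# Group 1 captures the per-product subkey when the path goes below Uninstall;
# the "$|\\" alternation keeps keys such as "UninstallFoo" from matching.
UNINSTALL_RE = re.compile(
    r"^(?:HKLM|HKCU|HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\SOFTWARE\\"
    r"(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall"
    r"(?:$|\\([^\\]+))",
    re.IGNORECASE,
)

# Registry read operations as named in Procmon (assumed export format).
READ_OPS = {"RegOpenKey", "RegEnumKey", "RegQueryKey", "RegQueryValue"}

# Constructed sample log, not from the analysed sample. Backslashes are
# doubled only because this is a Python string literal.
SAMPLE_LOG = """\
"Process Name","PID","Operation","Path","Result"
"explorer.exe","1234","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive","SUCCESS"
"sample.exe","4321","RegOpenKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall","SUCCESS"
"sample.exe","4321","RegEnumKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall","SUCCESS"
"sample.exe","4321","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0001-A}\\DisplayName","SUCCESS"
"sample.exe","4321","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0002-B}\\DisplayName","SUCCESS"
"sample.exe","4321","RegQueryValue","HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayVersion","SUCCESS"
"sample.exe","4321","RegQueryValue","HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayVersion","SUCCESS"
"msiexec.exe","5555","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0001-A}\\DisplayName","SUCCESS"
"sample.exe","4321","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0002-B}\\Publisher","NAME NOT FOUND"
"""


def uninstall_enumerators(procmon_csv, min_subkeys=3):
    """Return {(process, pid): distinct_subkeys} for processes that enumerate
    the Uninstall key or touch at least min_subkeys distinct product keys.

    Failed lookups (Result != SUCCESS) still count: a query for a key that
    does not exist is evidence of enumeration, not of installed software.
    """
    enum_parent = set()          # processes that RegEnumKey the Uninstall key itself
    subkeys = defaultdict(set)   # (process, pid) -> set of product subkeys read

    for row in csv.DictReader(io.StringIO(procmon_csv)):
        if row["Operation"] not in READ_OPS:
            continue
        m = UNINSTALL_RE.match(row["Path"])
        if not m:
            continue
        key = (row["Process Name"], int(row["PID"]))
        product = m.group(1)
        if product is None:
            if row["Operation"] == "RegEnumKey":
                enum_parent.add(key)
        else:
            subkeys[key].add(product)

    flagged = {}
    for key in enum_parent | set(subkeys):
        n = len(subkeys.get(key, ()))
        if key in enum_parent or n >= min_subkeys:
            flagged[key] = n
    return flagged


if __name__ == "__main__":
    for (proc, pid), n in sorted(uninstall_enumerators(SAMPLE_LOG).items()):
        print(f"{proc} (PID {pid}) enumerated installed software: {n} product keys read")
```

The threshold is the tuning knob: installers and update agents legitimately read a handful of Uninstall entries, so in production you would raise min_subkeys, whitelist msiexec.exe and your software-inventory agent, and correlate the hit with the other signatures on this page (network download of a PE, DLL load from a user-writable path) rather than alert on it alone.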