General

- Target: SecuriteInfo.com.W32.AIDetect.malware2.1853.24511
- Size: 699KB
- Sample: 210921-fejbmsgba8
- MD5: b2f1683e21cd12021af7ef3e0eef7674
- SHA1: 39ec0e7d50737549dab38a48d3403c4177912274
- SHA256: 76e3372675b50861ba373f9700db718087d9821cc619e00aca03912f22eeedd1
- SHA512: 4ab9150f436d59e3019289fa4c84a45b3c0c73f4e96cdd3218747fc2c757b97fd3f8420a093f51f427ce86eea8910946ef7b7b326015bec7071904bcfd4ed9c9
- Static task: static1
- Behavioral task: behavioral1
- Sample: SecuriteInfo.com.W32.AIDetect.malware2.1853.24511.exe
- Resource: win7v20210408
Malware Config

Extracted
- Family: vidar
- Version: 40.8
- Botnet: 828
- C2: https://pavlovoler.tumblr.com/
- Attributes: profile_id 828

Vidar does not embed its live command-and-control address; it fetches a social-media profile page such as this Tumblr URL and reads the real C2 host from it, so the URL above is the dead-drop resolver and the actual C2 is only known once that page has been retrieved.
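The hashes under General and the C2 URL in the extracted config are the indicators a responder would sweep for. The script below is an added example, not code from the Triage report or from the sample: it copies those indicators, matches file digests (full or partial, as an EDR export usually carries only SHA256) against them, and flags proxy log records that reached the dead-drop host. The proxy log format and the log lines themselves are constructed for the example and are assumptions, not real telemetry.

```python
"""IOC sweep for the Vidar sample described in the report above.

Added example, not code from the Triage report or from the sample itself.
The hashes and the C2 URL are copied from the report; the proxy log lines
and the EDR sighting are constructed (assumed formats), not real telemetry.
"""
import hashlib
from urllib.parse import urlparse

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "b2f1683e21cd12021af7ef3e0eef7674",
    "sha1": "39ec0e7d50737549dab38a48d3403c4177912274",
    "sha256": "76e3372675b50861ba373f9700db718087d9821cc619e00aca03912f22eeedd1",
    "sha512": (
        "4ab9150f436d59e3019289fa4c84a45b3c0c73f4e96cdd3218747fc2c757b97f"
        "d3f8420a093f51f427ce86eea8910946ef7b7b326015bec7071904bcfd4ed9c9"
    ),
}
# Match on the profile host, not on tumblr.com itself: the apex domain
# would flag every legitimate Tumblr visit.
C2_HOSTS = {urlparse("https://pavlovoler.tumblr.com/").hostname}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest type the report lists so each can be compared."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def match_reported_hashes(observed: dict, iocs: dict = SAMPLE_HASHES) -> list:
    """Return the algorithms whose observed digest equals the report's value.

    `observed` may be partial (an EDR export often carries only SHA256) and
    may use upper-case hex; comparison is case-insensitive.
    """
    return sorted(
        alg for alg, value in iocs.items()
        if alg in observed and observed[alg].strip().lower() == value.lower()
    )


def match_file_content(data: bytes, iocs: dict = SAMPLE_HASHES) -> list:
    """Hash raw file bytes and report which listed IOC digests match."""
    return match_reported_hashes(hash_bytes(data), iocs)


def sweep_proxy_log(lines, c2_hosts=C2_HOSTS) -> list:
    """Flag proxy log records whose URL host is a known C2 host.

    Assumed line format (constructed for this example):
        <timestamp> <client-ip> <method> <url> <status>
    Returns (timestamp, client_ip, url) per hit; malformed lines are skipped.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue
        ts, client, _method, url, _status = parts[:5]
        host = urlparse(url).hostname
        if host and host.lower() in c2_hosts:
            hits.append((ts, client, url))
    return hits


# Constructed proxy log: two hosts contact the dead-drop page, one browses
# Tumblr normally, one line is malformed.
SAMPLE_PROXY_LOG = [
    "2021-09-21T06:12:03Z 10.0.4.17 GET https://pavlovoler.tumblr.com/ 200",
    "2021-09-21T06:12:05Z 10.0.4.17 GET https://www.tumblr.com/dashboard 200",
    "2021-09-21T06:13:41Z 10.0.4.22 GET https://pavlovoler.tumblr.com/page/2 200",
    "garbage line that should be ignored",
]


if __name__ == "__main__":
    for ts, client, url in sweep_proxy_log(SAMPLE_PROXY_LOG):
        print(f"C2 contact {ts} from {client}: {url}")
    # Constructed EDR sighting carrying only an upper-case SHA256.
    sighting = {"sha256": SAMPLE_HASHES["sha256"].upper()}
    print("hash match:", match_reported_hashes(sighting))
```

Matching on the profile hostname rather than the full URL catches fetches of sub-pages of the same profile while still excluding ordinary Tumblr traffic; a hit on this host identifies a machine that resolved the dead-drop, which is the earliest network sign of the infection before the real C2 is contacted.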
Targets

- Target: SecuriteInfo.com.W32.AIDetect.malware2.1853.24511
- Size: 699KB
- MD5, SHA1, SHA256, SHA512: identical to the values listed under General above (the target is the single submitted file)
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.