General
Target: 3205fa5682b41ab60e954d5c2e8a2fc1c14c86f6c95e79869b100762d5195896
Size: 665KB
Sample: 210921-kr7l8aghh7
MD5: c5e25901abb63937bcbbd759a13a301e
SHA1: bfc38e1247211206d47b160b1d517b131c31d880
SHA256: 3205fa5682b41ab60e954d5c2e8a2fc1c14c86f6c95e79869b100762d5195896
SHA512: d73f541d737795cce8363aed515245fd31f0dc35bf091bdef78e77075b0e92cb451ef2d756a43d7dc01f9888b319f8945cec2777e708a79a4be18028781878bc
Static task: static1
Malware Config
Extracted
vidar
40.8
828
https://pavlovoler.tumblr.com/
profile_id: 828
Targets
Target: 3205fa5682b41ab60e954d5c2e8a2fc1c14c86f6c95e79869b100762d5195896
Size: 665KB
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.