General
- Target: 8f95ae5e5e774a322e272b430e09bbe7790ab8c57a804e07a053d489f48c8979
- Size: 1.5MB
- Sample: 211003-vlttaafec2
- MD5: d494477460b26ffbbd75a1e62b0f243e
- SHA1: 484e46737ae1919047a32126a5423ec1f563bc5f
- SHA256: 8f95ae5e5e774a322e272b430e09bbe7790ab8c57a804e07a053d489f48c8979
- SHA512: bca9b9235cf0796352f6f8847d176b613e1421367af677281df306bdab19f241a9bfe77749e3dc5178008767b8cb5cb4a8ed8702119b1d5e616605e293691d3c

Static task: static1

Malware Config
- Extracted: vidar
- 41.1
- 921
- https://mas.to/@bardak1ho
- profile_id: 921

Targets
- Target: 8f95ae5e5e774a322e272b430e09bbe7790ab8c57a804e07a053d489f48c8979
- Size: 1.5MB
- MD5: d494477460b26ffbbd75a1e62b0f243e
- SHA1: 484e46737ae1919047a32126a5423ec1f563bc5f
- SHA256: 8f95ae5e5e774a322e272b430e09bbe7790ab8c57a804e07a053d489f48c8979
- SHA512: bca9b9235cf0796352f6f8847d176b613e1421367af677281df306bdab19f241a9bfe77749e3dc5178008767b8cb5cb4a8ed8702119b1d5e616605e293691d3c

Signatures
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext