General
- Target: e5122b8f9175869275bb1dbbafcf3e1a199a257b4dcc5d36de6d1b5f610d5195
- Size: 1.4MB
- Sample: 211011-zhtfkaabc3
- MD5: 41d8b11e32a453d9873c5cc2a3d7f963
- SHA1: e11d8074ffb64ba405f32909a6eeaeb0ec74fc85
- SHA256: e5122b8f9175869275bb1dbbafcf3e1a199a257b4dcc5d36de6d1b5f610d5195
- SHA512: 2217c60510e395ada17807fc3dd7c63c3cae936ca5b95df7408b68c2927be18fd971f11635d1aaf644e8ebc16ff82c55c63724af47bfd1522a4d153e5f968fd2

Static task
- static1

Malware Config (extracted)
- Family: vidar
- Version: 41.3
- Botnet: 921
- C2: https://mas.to/@oleg98
- Attributes: profile_id = 921
Targets
- Target: e5122b8f9175869275bb1dbbafcf3e1a199a257b4dcc5d36de6d1b5f610d5195 (1.4MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext