General
-
Target
98ee19dbbe959081f2d95b7f56af58fcb7ecdc5b85bb9ee13775376b9bad1ccf
-
Size
1.3MB
-
Sample
211013-xl2v1afaf4
-
MD5
f9e6e88eb092ccd7e4b8626cba905657
-
SHA1
5fc08c1200531073b5484dd40f72c9c6c651f748
-
SHA256
98ee19dbbe959081f2d95b7f56af58fcb7ecdc5b85bb9ee13775376b9bad1ccf
-
SHA512
e399ac991b643f7ae3264c71cfc3e20eeff52adb53e5c6b12fee6c29d6e4523bc768553883ec6767811a2bf1744cb2773b4c804a9ee7c9c163274ecfa109fa74
Static task
static1
Malware Config
Extracted
vidar
41.3
921
https://mas.to/@oleg98
-
profile_id
921
Targets
-
-
Target
98ee19dbbe959081f2d95b7f56af58fcb7ecdc5b85bb9ee13775376b9bad1ccf
-
Size
1.3MB
-
MD5
f9e6e88eb092ccd7e4b8626cba905657
-
SHA1
5fc08c1200531073b5484dd40f72c9c6c651f748
-
SHA256
98ee19dbbe959081f2d95b7f56af58fcb7ecdc5b85bb9ee13775376b9bad1ccf
-
SHA512
e399ac991b643f7ae3264c71cfc3e20eeff52adb53e5c6b12fee6c29d6e4523bc768553883ec6767811a2bf1744cb2773b4c804a9ee7c9c163274ecfa109fa74
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Vidar Stealer
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-