General

Target: mixshop_20211014-230224
Size: 666KB
Sample: 211014-1aqv5sacf7
MD5: ba0022a82e893e3478af3d3e4ea8d33e
SHA1: dafd4a5f1924eca548e6b8ff7f88fd8826eb2584
SHA256: 149d9555994e5930d863674a2c55d295d5a19446bed86ef1079ccbbbdae9975f
SHA512: 09d0c98ea9d44e1b30a5fbd451e0cfc3fb8b7b9c755b977011b4ad3c7a1616c0b037b01d3d2d9ba54b66982ad04dcfe11693ef361d97dded1f988d8743760b7f
Static task: static1
Behavioral task: behavioral1
Sample: mixshop_20211014-230224.exe
Resource: win7-en-20210920
Malware Config

Extracted: vidar, 41.4, 1015, https://mas.to/@sslam
profile_id: 1015
Targets

Target: mixshop_20211014-230224
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.