General
Target: 5a863bf0db9d32f8ad9306822516ce069b0e055ffed134d214950797e1a6c483
Size: 808KB
Sample: 211019-pdasjsfgf2
MD5: 2ce98b6647a7e602cfab7414e1dd8ad2
SHA1: 7798650ad9d8472d38db018cec6a8807370ce720
SHA256: 5a863bf0db9d32f8ad9306822516ce069b0e055ffed134d214950797e1a6c483
SHA512: 5f5243a2b076f16467c34f11de8c0d5e4f5ace543593a13f834cdc6635e9b743140441eab0d3651dae2a429930f64e0d1983c0be8e1245d3bf48a9b71d966614
Static task: static1
Behavioral task: behavioral1
Sample: 5a863bf0db9d32f8ad9306822516ce069b0e055ffed134d214950797e1a6c483.exe
Resource: win10-en-20211014
Malware Config
Extracted: vidar
  41.3
  517
  https://mas.to/@oleg98
  profile_id: 517
Extracted: djvu
  http://rlrz.org/fhsgtsspen6
Targets
- Detected Djvu ransomware
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext