General
Target: 0be6d1985b2f07f46781a3554ae9fddb1e93b153145dd5cd33035c70e25b0052
Size: 853KB
Sample: 211023-ag1qtadfer
MD5: 3fd16b7520f0745f627759902b155046
SHA1: adba005434422ebb6b43636f457772c00c55c3a3
SHA256: 0be6d1985b2f07f46781a3554ae9fddb1e93b153145dd5cd33035c70e25b0052
SHA512: 88e68df7eb827c261f6aec5c045a84dcfa281fbea990a1de7a15af39fcbbb88643d37da026182f5f3a5a16ac7d7b1464d3cce19f912de255c33ec9c47b935ef5
Static task: static1
Behavioral task: behavioral1
Sample: 0be6d1985b2f07f46781a3554ae9fddb1e93b153145dd5cd33035c70e25b0052.exe
Resource: win10-en-20210920
Malware Config
Extracted: vidar
41.5
517
https://mas.to/@xeroxxx
profile_id: 517
Extracted: djvu
http://rlrz.org/fhsgtsspen6
Targets
Target: 0be6d1985b2f07f46781a3554ae9fddb1e93b153145dd5cd33035c70e25b0052
- Detected Djvu ransomware
- suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies file permissions
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext