General
Target: 5438fc4e7c66a72b2b75b248d970b5ef.exe
Size: 1.2MB
Sample: 211031-sf6vjsgag7
MD5: 5438fc4e7c66a72b2b75b248d970b5ef
SHA1: 9f489ac261c84fca71a5c9ca42459ff029ca895d
SHA256: 03953078a89e2efb12217ac6df2584d0c8d5ce0190daca67d85910e24f273383
SHA512: 6d8f569d3c906ddf650226c3d404a5a095eff926b23e3598fff10a9ea241f6b7103949df3e6483b36272b17e4ee7a90d8435d0daf686b910720af13756ae9061
Static task: static1
Behavioral task: behavioral1
Sample: 5438fc4e7c66a72b2b75b248d970b5ef.exe
Resource: win7-en-20210920
Malware Config
Extracted
Family: vidar
Version: 41.6
Botnet: 921
C2: https://mas.to/@lilocc
profile_id: 921
Note: the extracted C2 value is a Mastodon profile, not the command server itself. Vidar of this era uses social-media profiles as dead-drop resolvers: the bot fetches the profile and reads the real C2 address out of the bio, so the address in this config should be treated as a resolver, and the live C2 has to be recovered from the profile content.
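The dead-drop resolution described above, as an added example that is not part of the original report or of any Vidar tooling: it parses the JSON a Mastodon instance returns for an account lookup (the real endpoint is `/api/v1/accounts/lookup?acct=<name>`, which would be queried on mas.to in a live run) and pulls URL and IPv4 candidates out of the `note` (bio) field. The account JSON, the bio text and the `|`-delimited layout are constructed for this example, and 203.0.113.7 is a documentation address, so nothing here is a real indicator from the sample.

```python
import html
import json
import re
from typing import List

# Constructed stand-in for the JSON a Mastodon instance returns from
# GET /api/v1/accounts/lookup?acct=<name>. The `note` (profile bio) value is
# invented for this example; 203.0.113.7 is an RFC 5737 documentation address.
SAMPLE_ACCOUNT_JSON = json.dumps({
    "id": "0",
    "username": "lilocc",
    "acct": "lilocc",
    "note": "<p>hello|http://203.0.113.7|<br/>more text</p>",
})

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s|<>\"']+")
TAG_RE = re.compile(r"<[^>]+>")


def strip_html(note_html: str) -> str:
    """Reduce the bio HTML to plain text: tags replaced by spaces, entities decoded."""
    return html.unescape(TAG_RE.sub(" ", note_html))


def extract_c2_candidates(note_html: str) -> List[str]:
    """Return URLs and bare IPv4 addresses found in a profile bio, in order, without duplicates.

    A bare IP that also appears inside a URL is still listed separately so the
    analyst sees both forms when building indicators.
    """
    text = strip_html(note_html)
    found: List[str] = []
    for match in URL_RE.findall(text):
        found.append(match.rstrip("/"))
    for match in IPV4_RE.findall(text):
        # Reject dotted quads with an out-of-range octet (e.g. version strings).
        if all(0 <= int(octet) <= 255 for octet in match.split(".")):
            found.append(match)
    seen = set()
    ordered: List[str] = []
    for candidate in found:
        if candidate not in seen:
            seen.add(candidate)
            ordered.append(candidate)
    return ordered


def resolve_dead_drop(account_json: str) -> List[str]:
    """Parse an account-lookup response and return the C2 candidates from its bio.

    Returns an empty list when the bio is missing or carries no indicator, which is
    what an analyst sees once the operator has rotated or wiped the profile.
    """
    account = json.loads(account_json)
    return extract_c2_candidates(account.get("note") or "")


if __name__ == "__main__":
    print(resolve_dead_drop(SAMPLE_ACCOUNT_JSON))
```

In a live run, replace `SAMPLE_ACCOUNT_JSON` with the body fetched from the instance and pivot on every returned candidate; an empty result usually means the profile has already been changed, so the sandbox-time bio should be captured as soon as a sample is triaged.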
Targets
Target: 5438fc4e7c66a72b2b75b248d970b5ef.exe
Size: 1.2MB
Hashes: MD5, SHA1, SHA256 and SHA512 as listed under General
Signatures
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.