General
- Target: c19a32b2c1b56473245cb672da9d589227f52966b40c9b761765e85418052f35
- Size: 623KB
- Sample: 211130-ma7a8shgf7
- MD5: 37f77c6f8805407d31d2b2b63e853316
- SHA1: 2535b538d6c9337a10ac4ed80f5f7b6bceeea00a
- SHA256: c19a32b2c1b56473245cb672da9d589227f52966b40c9b761765e85418052f35
- SHA512: 71208f96291b8d808e33202587882bbd771a5169e60ba1568051148535977475f345c3f61f1a1d4a413b4a3ed278d6167335d9ea49b7b318d6ee303ae3db4cb1
Static task: static1
Malware Config
Extracted
- Family: vidar
- 48.9
- 517
- https://qoto.org/@mniami
- https://noc.social/@menaomi
- profile_id: 517
Targets
- Target: c19a32b2c1b56473245cb672da9d589227f52966b40c9b761765e85418052f35 (same sample as listed under General)
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext