General
Target: acd123090b9da814081c84b6dd84dfa6c479b71c.rl.zip
Size: 423KB
Sample: 220128-sqs2fafha4
MD5: 2350ee6028368620e61dba938ab3c1fa
SHA1: a9c3853232be11c34353257a066772e53d99db8d
SHA256: 60cf7367fcf9e2552194bf649bef358ae65a3576df581f49775438b9c8ebe7e2
SHA512: 1d9a6f0590c4da435018bc2dbcf9aca0dda58f084789bc8ed5e5aa590b8d615b121981d0d14570f26c903cede770d77f2f04b8fd811ae748744c5efd60ec4cfc
Static task
static1
Malware Config
Extracted
vidar
7.2
237
http://proshop.ac.ug/
profile_id: 237
Targets
Target: acd123090b9da814081c84b6dd84dfa6c479b71c.rl
Size: 672KB
MD5: c263f005ef0b0b61a8cb83676553077b
SHA1: acd123090b9da814081c84b6dd84dfa6c479b71c
SHA256: 00368c386fda347a2a4a48d824f3d3f2be165262c402b5978eb1c22362f01170
SHA512: 3a87ba5daa81b76b9fd5082554592f72516bcb8de84c6d3b042de3474802f3aa4499d32590d6d6b8c79bc828884d98a5d8e85a162e1876c844adf33e908f6433
Vidar Stealer

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.