General

Target: e3be4420fc72c65d8ebe91239355ecbd
Size: 1.0MB
Sample: 220216-sklp6sbha3
MD5: e3be4420fc72c65d8ebe91239355ecbd
SHA1: 830289c9135b3a0e526390e27e3a00a37723c8df
SHA256: 6de9b52d4498f6a5061d71b2851fbe5e5ba2cb1998891d807cb92dc0c210b8a3
SHA512: cec50e1b4907acd819ec17e41f085f2f9d139783a81448f676a9ba75462f1f1895ebca3501774f25199d0464c777e84f2b1e161e81eeffc56b2432ad04ef0af5
Static task: static1
Behavioral task: behavioral1
Sample: e3be4420fc72c65d8ebe91239355ecbd.exe
Resource: win7-en-20211208
Malware Config

Extracted: vidar
50.1
754
https://mastodon.online/@k1llerniax
https://koyu.space/@k1llerni2x
profile_id: 754
Targets
Vidar Stealer
Downloads MZ/PE file
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext