General
- Target: 2ebbad22b5fe4489ae6d0756000136f29ea0a3b1e7ad997c51cd4c2fadaf3d70
- Size: 652KB
- Sample: 220220-hx3t4shhd9
- MD5: 452b11f0238d30ac482ec87175e21675
- SHA1: bad9a98d1541bf93dce758cef33dc373a61843f8
- SHA256: 2ebbad22b5fe4489ae6d0756000136f29ea0a3b1e7ad997c51cd4c2fadaf3d70
- SHA512: 60042cb3c844e20e71401d122a733edf7342de3630eeac3b1a8111da7e7b9491b0a7006d488ac33e8519bb506e94ccc7704482fa2c444535696a4d660d063e42
Static task: static1

Malware Config
- Extracted: vidar 50.2 (profile 565)
- C2 URLs:
  - https://c.im/@killern3ax
  - https://qoto.org/@kill4rnix
- profile_id: 565
Targets
- Vidar Stealer
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.