General
Target: fbe9a42a3785c3112cda29a2ca5135092acf0c583f632fc70a2bf2e8f04ec7ee
Size: 700KB
Sample: 220303-nb9cnaahg5
MD5: 3fdb492503046296762e8cd9e19e7641
SHA1: 12d7a5ef875cbefdba8f15a0fb3bb8430d075e78
SHA256: fbe9a42a3785c3112cda29a2ca5135092acf0c583f632fc70a2bf2e8f04ec7ee
SHA512: b09e1af1525341a6ffaba6461bbe7a6d083a7fccb2e1f85a1d9bd82fbf43ba3519f8c90ca1dd8d9f7ef4a96769cf8a1ca01c4d28b0dee4a5087ba79ece663988
Static task
static1
Malware Config
Extracted
Family: vidar
Version: 50.2
Botnet: 565
C2:
https://c.im/@killern3ax
https://qoto.org/@kill4rnix
Attributes
profile_id: 565
Targets
Target: fbe9a42a3785c3112cda29a2ca5135092acf0c583f632fc70a2bf2e8f04ec7ee
- Vidar Stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.