General
- Target: 646eea2b4e17022c1cb7911b0cef68e058cc21835c3be4da29242ddf98182b49
- Size: 8KB
- Sample: 220319-n25r6ahcbr
- MD5: fe83ef41d82529b45dcf0cef116a2df0
- SHA1: 8d1daee38437ba003d9913af9bc3abd4afd3e996
- SHA256: 646eea2b4e17022c1cb7911b0cef68e058cc21835c3be4da29242ddf98182b49
- SHA512: 0688940be45ff49e45d582b4976a9dbe0f1c706275ce554fe90020725dddf93b240263d50d81b78e225471fe43a3b2589b81f3208c1991604f15e9875c9fafd1
Static task: static1
Behavioral task: behavioral1
Sample: 646eea2b4e17022c1cb7911b0cef68e058cc21835c3be4da29242ddf98182b49.exe
Resource: win7-20220311-en
Malware Config
Extracted: vidar
48.7
933
https://mstdn.social/@anapa
https://mastodon.social/@mniami
- profile_id: 933
Targets
- Target: 646eea2b4e17022c1cb7911b0cef68e058cc21835c3be4da29242ddf98182b49
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- OnlyLogger Payload
- Vidar Stealer
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext