General
Target: 25cbf20f43b95afac49543b0dd5378626ab2c78f5edadd781441b335f9fc1002
Size: 8KB
Sample: 220319-n4r9vahcer
MD5: 3476b903e6e6ff5f246460e8749fd232
SHA1: 3639e6c1f104ad7aa24ab7f72aca5dad686361cf
SHA256: 25cbf20f43b95afac49543b0dd5378626ab2c78f5edadd781441b335f9fc1002
SHA512: ac99a88b90e1396b2a8db98e56eb350ad95a8f8faa5b7b36862f603899aa9a8bd2a69d5abf3346158c6605f3475b4ab3366c644c7ab23dd5e436cc8951d0e026
Static task: static1
Behavioral task: behavioral1
Sample: 25cbf20f43b95afac49543b0dd5378626ab2c78f5edadd781441b335f9fc1002.exe
Resource: win7-20220311-en
Malware Config
Extracted
Family: vidar
Version: 48.7
Botnet: 933
C2:
https://mstdn.social/@anapa
https://mastodon.social/@mniami
Attributes:
profile_id: 933
Targets
Target: 25cbf20f43b95afac49543b0dd5378626ab2c78f5edadd781441b335f9fc1002
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- OnlyLogger Payload
- Vidar Stealer
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext