General
Target: da6c8e5f227ef8af6a8ee0df2b989c4a1d30ba466f711fa33799d28e83fc76ab
Size: 8KB
Sample: 220319-nxb92shahq
MD5: e2084eb43696aa09bf973398318c2d84
SHA1: 6c435b132ad5779289dcff23ad15d56426675599
SHA256: da6c8e5f227ef8af6a8ee0df2b989c4a1d30ba466f711fa33799d28e83fc76ab
SHA512: a74eb9a66a32eab0e0e696614525e4b510dd326092855fad5b1b153199efa8a79972d8f1e96b5d0a7643d0d759abab95fc7591c4b926806e241207ef4c20e571
Static task: static1
Behavioral task: behavioral1
  Sample: da6c8e5f227ef8af6a8ee0df2b989c4a1d30ba466f711fa33799d28e83fc76ab.exe
  Resource: win7-20220310-en
Behavioral task: behavioral2
  Sample: da6c8e5f227ef8af6a8ee0df2b989c4a1d30ba466f711fa33799d28e83fc76ab.exe
  Resource: win10v2004-20220310-en
Malware Config
Extracted: vidar
  48.7
  933
  https://mstdn.social/@anapa
  https://mastodon.social/@mniami
  profile_id: 933
Targets
Target: da6c8e5f227ef8af6a8ee0df2b989c4a1d30ba466f711fa33799d28e83fc76ab
Size: 8KB
Score: 10/10
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- OnlyLogger Payload
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2