General
- Target: d41c3b72a7759a814becaa2a49e3290ee6cd957da85a300e37c48658e3ad1989
- Size: 8KB
- Sample: 220319-nxm2jshban
- MD5: 8e0cb3ec8385850c7dae3859e3e16cc9
- SHA1: f199182de1a4eabac1cecb49687c579bac783b6b
- SHA256: d41c3b72a7759a814becaa2a49e3290ee6cd957da85a300e37c48658e3ad1989
- SHA512: 97a4065ce4a0e42cd3299209cfa48e0dbf0da0715ff4ddff70dda9c38e31c6597210a7fa1c4e52ca8efbd0f9da7afeab2e91f85ce5ae930f6bd19e05d0cd3889
- Static task: static1
- Behavioral task: behavioral1 (Sample: d41c3b72a7759a814becaa2a49e3290ee6cd957da85a300e37c48658e3ad1989.exe; Resource: win7-20220310-en)
- Behavioral task: behavioral2 (Sample: d41c3b72a7759a814becaa2a49e3290ee6cd957da85a300e37c48658e3ad1989.exe; Resource: win10v2004-20220310-en)
Malware Config
Extracted
- Family: vidar
- Version: 48.7
- C2: https://mstdn.social/@anapa, https://mastodon.social/@mniami
- profile_id: 933
Targets
- Target: d41c3b72a7759a814becaa2a49e3290ee6cd957da85a300e37c48658e3ad1989
- Size: 8KB
- MD5: 8e0cb3ec8385850c7dae3859e3e16cc9
- SHA1: f199182de1a4eabac1cecb49687c579bac783b6b
- SHA256: d41c3b72a7759a814becaa2a49e3290ee6cd957da85a300e37c48658e3ad1989
- SHA512: 97a4065ce4a0e42cd3299209cfa48e0dbf0da0715ff4ddff70dda9c38e31c6597210a7fa1c4e52ca8efbd0f9da7afeab2e91f85ce5ae930f6bd19e05d0cd3889
- Score: 10/10
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- OnlyLogger Payload
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2