General
Target: bc4d1e8e09905b7dd1d4b14ae7ba3b100e1baa7aeb567e225107d4439da03403
Size: 635KB
Sample: 220422-n1tcqscad7
MD5: ebfb5ded5dc595e22ee02b08597b93eb
SHA1: 8c33736b8b3dc750027ef49b1059d5d3a231182a
SHA256: bc4d1e8e09905b7dd1d4b14ae7ba3b100e1baa7aeb567e225107d4439da03403
SHA512: e74d3f71ece40008cdcb7bcdfc6547ca406e4fb3fd3048177648d0ae906ad11223412963ee6b2b3ebe70a14006bc4ddb9d387b129a4f27fd34c4e8a9f5afdead

Static task: static1
Behavioral task: behavioral1
Sample: bc4d1e8e09905b7dd1d4b14ae7ba3b100e1baa7aeb567e225107d4439da03403.exe
Resource: win7-20220414-en

Malware Config
Extracted: vidar
51.7
977
https://t.me/hi20220412
https://noc.social/@samal6
profile_id: 977
Targets
Target: bc4d1e8e09905b7dd1d4b14ae7ba3b100e1baa7aeb567e225107d4439da03403
Size: 635KB
Signatures:
- Vidar Stealer
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.