General
-
Target
7a3819cbe5eb3cdf1ea422b4e9893948.exe
-
Size
354KB
-
Sample
220510-nnw8vsggb8
-
MD5
7a3819cbe5eb3cdf1ea422b4e9893948
-
SHA1
e3281fd96083ffe4ccbf2c0da578630f08b87a61
-
SHA256
adc533afdb78f5b2509ce98d5ba8f2fce025675246532a0a0454acf4b02cb640
-
SHA512
2e06e6cef4d2fbb3d13bdc27e01d6b43c5f3d08456806099def329fc0fe59a0fb2c16ad210290da3bb16f3925f7e261056a97c10c1464d2997a7ad2727e39e2e
Static task
static1
Behavioral task
behavioral1
Sample
7a3819cbe5eb3cdf1ea422b4e9893948.exe
Resource
win7-20220414-en
Malware Config
Extracted
vidar
52.1
1163
https://t.me/verstappenf1r
https://climatejustice.social/@ronxik312
-
profile_id
1163
Targets
-
-
Target
7a3819cbe5eb3cdf1ea422b4e9893948.exe
-
Size
354KB
-
MD5
7a3819cbe5eb3cdf1ea422b4e9893948
-
SHA1
e3281fd96083ffe4ccbf2c0da578630f08b87a61
-
SHA256
adc533afdb78f5b2509ce98d5ba8f2fce025675246532a0a0454acf4b02cb640
-
SHA512
2e06e6cef4d2fbb3d13bdc27e01d6b43c5f3d08456806099def329fc0fe59a0fb2c16ad210290da3bb16f3925f7e261056a97c10c1464d2997a7ad2727e39e2e
-
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
-
Vidar Stealer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-