General
Target: 3107999f9600f5f2bc88e17282da2773.exe
Size: 367KB
Sample: 220512-jdh62adhcn
MD5: 3107999f9600f5f2bc88e17282da2773
SHA1: 8862f9551fdb7dc30e135c556751b973f441e7b4
SHA256: aacab9cbbf292403a63bcfd1f6f0a9e534ac39aab406f2c9d7aa98b719f3801f
SHA512: 50c66565fc457b848014eaf70b3f7cc408e8a818bd29c80daf53597a44c182d26649c249a6e3fe7e6516fc7ff7e7026f3aff4b25ee48645789fa6cd3d3e2f338
Static task: static1
Behavioral task: behavioral1
Sample: 3107999f9600f5f2bc88e17282da2773.exe
Resource: win7-20220414-en (sandbox image: Windows 7, English locale)
Malware Config
Extracted
Family: vidar
Version: 52.1
Profile ID (botnet): 517
C2: https://t.me/verstappenf1r
C2: https://climatejustice.social/@ronxik312
The two URLs are not the C2 itself: Vidar does not embed its real C2 address in the binary. It fetches these public profile pages (a Telegram channel and a Mastodon account) at run time and parses the current C2 out of the profile text, so the operator can rotate the C2 without touching the sample. Treat them as dead-drop resolvers: block or alert on them, but regard the actual C2 host as unknown until the profile text has been retrieved.
Targets
Target: 3107999f9600f5f2bc88e17282da2773.exe (367KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer (network signature fired on traffic from the behavioral1 run)
Signatures
- Vidar Stealer: family detection, consistent with the extracted config above.
- Loads dropped DLL: the sample writes a DLL to disk during execution and loads it. Vidar is known to pull the support libraries it needs to read browser credential stores (SQLite and NSS DLLs) from its C2 at run time, so the dropped DLLs themselves are usually clean; the download and load sequence is the indicator.
- Accesses cryptocurrency files/wallets, possible credential harvesting: reads from locations associated with desktop wallet software.
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate software on the system. Legitimate inventory tools do the same, so this is a weak signal on its own.
- Suspicious use of SetThreadContext: SetThreadContext is the call used to redirect a suspended thread's execution after a payload has been written into a process (process hollowing or thread hijacking), which is how a stealer unpacks itself into a second process or a spawned copy.
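As an added example that is not part of the sandbox report, the following Python triage helper turns the report's indicators and behavioural signatures into hunting logic over an event stream: it matches process hashes against the sample, flags DNS lookups of the two dead-drop resolvers from the Malware Config section, and scores Uninstall-key enumeration and wallet-directory reads per process. The event format (one dict per event with pid, type and detail), the wallet directory names, the weights and the alert threshold are all assumptions for illustration; real telemetry from Sysmon or an EDR would need a proper parser in front of this.

```python
import re
from collections import defaultdict

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "3107999f9600f5f2bc88e17282da2773",
    "sha1": "8862f9551fdb7dc30e135c556751b973f441e7b4",
    "sha256": "aacab9cbbf292403a63bcfd1f6f0a9e534ac39aab406f2c9d7aa98b719f3801f",
}
DEAD_DROP_HOSTS = {"t.me", "climatejustice.social"}

# Behavioural checks mirroring the report's signatures.
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Wallet locations are an assumption (common desktop wallet data dirs), not taken from the report.
WALLET_PATH = re.compile(
    r"\\(Electrum|Exodus|Ethereum|Bitcoin|Litecoin|Monero|Zcash|Atomic)\\|wallet\.dat$", re.I)

# Weights and threshold are assumptions: a hash hit alone should alert, Uninstall-key
# enumeration alone should not, because inventory agents do it legitimately.
WEIGHTS = {
    "known_sample_hash": 10,
    "dead_drop_resolver": 4,
    "wallet_access": 3,
    "uninstall_enum": 1,
}
ALERT_THRESHOLD = 5


def hash_match(hashes):
    """True if any supplied md5/sha1/sha256 (case-insensitive) equals the sample's."""
    return any(SAMPLE_HASHES.get(k) == v.lower() for k, v in hashes.items())


def classify_event(ev):
    """Map one event to a behaviour label, or None if it is not interesting."""
    kind, detail = ev["type"], ev.get("detail", "")
    if kind == "ProcessCreate" and hash_match(ev.get("hashes", {})):
        return "known_sample_hash"
    if kind == "DnsQuery" and detail.lower() in DEAD_DROP_HOSTS:
        return "dead_drop_resolver"
    if kind == "FileRead" and WALLET_PATH.search(detail):
        return "wallet_access"
    if kind == "RegistryRead" and UNINSTALL_KEY.search(detail):
        return "uninstall_enum"
    return None


def score_processes(events):
    """Aggregate distinct behaviours per PID and alert when the weighted score crosses the threshold."""
    behaviours = defaultdict(set)
    for ev in events:
        label = classify_event(ev)
        if label:
            behaviours[ev["pid"]].add(label)
    result = {}
    for pid, labels in behaviours.items():
        score = sum(WEIGHTS[label] for label in labels)
        result[pid] = {"score": score, "behaviours": sorted(labels), "alert": score >= ALERT_THRESHOLD}
    return result


# Constructed sample events (not real telemetry): one process behaving like the sample,
# one inventory agent that only enumerates Uninstall keys, one unrelated DNS lookup.
SAMPLE_EVENTS = [
    {"pid": 1337, "type": "ProcessCreate",
     "image": r"C:\Users\u\Downloads\3107999f9600f5f2bc88e17282da2773.exe",
     "hashes": {"sha256": "AACAB9CBBF292403A63BCFD1F6F0A9E534AC39AAB406F2C9D7AA98B719F3801F"}},
    {"pid": 1337, "type": "RegistryRead",
     "detail": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 1337, "type": "DnsQuery", "detail": "t.me"},
    {"pid": 1337, "type": "FileRead",
     "detail": r"C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"pid": 2048, "type": "RegistryRead",
     "detail": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"pid": 4096, "type": "DnsQuery", "detail": "example.com"},
]

if __name__ == "__main__":
    for pid, verdict in score_processes(SAMPLE_EVENTS).items():
        print(pid, verdict)
```

With the constructed events, PID 1337 collects all four behaviours and alerts, PID 2048 scores only the Uninstall-key enumeration and stays below the threshold, and PID 4096 produces no label at all. Because the dead-drop URLs are resolvers rather than the C2, a DNS hit on them is weighted as a strong but not decisive signal; the real C2 host is only learnable from the profile text at run time.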