General
Target: tmp
Size: 422KB
Sample: 220520-gjlg8sffgm
MD5: 3d1d048187f54d5961817a5866042e13
SHA1: 1fa3c9856f49ebe802f81062a0030482ea24bf68
SHA256: 41be5f61865ee6502ddad6af8bdfc5c5c1fe132e555cddd19634fef1c6068dc5
SHA512: 1ae633293fe4ae369efe5f611af617305fceb3c7b6215827e6f428f668dada5f40e9d1a9511243250bc64de095556d696f891d40979c5e0f5a94d6be0a409748
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20220414-en
Malware Config
Extracted: vidar
52.2
1163
https://t.me/netflixaccsfree
https://mastodon.social/@ronxik12
profile_id: 1163
Targets
Target: tmp
Size: 422KB
MD5: 3d1d048187f54d5961817a5866042e13
SHA1: 1fa3c9856f49ebe802f81062a0030482ea24bf68
SHA256: 41be5f61865ee6502ddad6af8bdfc5c5c1fe132e555cddd19634fef1c6068dc5
SHA512: 1ae633293fe4ae369efe5f611af617305fceb3c7b6215827e6f428f668dada5f40e9d1a9511243250bc64de095556d696f891d40979c5e0f5a94d6be0a409748
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
Vidar Stealer
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.