General
Target: 968844ff2295c9ff1a03e527b1989c07b98aa0df702ed1e83fad251bbe1f3514
Size: 1.4MB
Sample: 220520-hpsdeahfhp
MD5: ab5b172f91594490df40fe1e522b0902
SHA1: ba4f383af064bbd1fe7f1d6e5fb4be8a6c993fa3
SHA256: 968844ff2295c9ff1a03e527b1989c07b98aa0df702ed1e83fad251bbe1f3514
SHA512: f779919340aab9fdadba459a8d85b1e1d6cc6c8c47f084ee85cc4fac169cc72538ce5970d9bb0e86694b4216fe4d07c4e47042802da486d75db48485119fb3c6
Static task: static1
Behavioral task: behavioral1
Sample: 968844ff2295c9ff1a03e527b1989c07b98aa0df702ed1e83fad251bbe1f3514.exe
Resource: win7-20220414-en

Malware Config
Extracted: vidar
52.2
1182
https://t.me/netflixaccsfree
https://mastodon.social/@ronxik12
profile_id: 1182
Targets
Target: 968844ff2295c9ff1a03e527b1989c07b98aa0df702ed1e83fad251bbe1f3514
suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
Vidar Stealer
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.