General
Target: 537800e50ffeee309268aa0e53fe6e3aaf17c99b19eac369dbc5657f0ae418b0
Size: 394KB
Sample: 220705-tftqnaafgj
MD5: d438de9e2f55154f0f827ed23f561579
SHA1: 6be0bfa42f0d3dce6f30b6524a9add0f75e475f7
SHA256: 537800e50ffeee309268aa0e53fe6e3aaf17c99b19eac369dbc5657f0ae418b0
SHA512: 1f7becb3d6d2ca596fef40ff56fa0c92f4a47dfb5cb53a149be9eb05903ab83d5706e825270e5435023d41105874c566de097f71badd79ad1644cde65d352a36
Static task: static1
Malware Config
Extracted
Family: vidar
Version: 53.1
Botnet: 1519
C2: https://t.me/tg_dailyrunnings
C2: https://mastodon.online/@olegf9844g
profile_id: 1519
Note: Vidar does not talk to the stealer panel at these two URLs directly; it fetches the public Telegram channel and Mastodon profile and reads the current C2 address out of their text, so they act as dead-drop resolvers. Block or alert on them, but expect the real C2 host to change without the profile URLs changing.
Targets
Target: 537800e50ffeee309268aa0e53fe6e3aaf17c99b19eac369dbc5657f0ae418b0 (394KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
Vidar Stealer: family identified from the extracted configuration above (vidar, version 53.1, botnet 1519).
Loads dropped DLL: the sample loads a DLL that it wrote to disk during execution rather than one shipped with Windows.
Accesses cryptocurrency files/wallets, possible credential harvesting: the sample opens files in locations used by cryptocurrency wallet software.
Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node and HKCU counterparts) to enumerate the software installed on the host.
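The following script is an added example and is not code from the sandbox or from the Vidar family itself. It turns the indicators on this page (the sample hashes, the two C2 resolver URLs, and the three behavioural signatures) into a small offline triage check: it verifies that a file on hand is the reported sample, flags proxy-log requests to the resolver URLs, and maps API-trace lines to the signatures. The proxy-log and API-trace line formats, the constructed log lines, and the list of wallet file markers are assumptions made for the example; the Uninstall registry paths are the real Windows locations.

```python
"""Added example: triage a host against the IOCs and signatures in this Vidar report."""
import hashlib
import re
from dataclasses import dataclass

# Indicators copied from the report.
SAMPLE_MD5 = "d438de9e2f55154f0f827ed23f561579"
SAMPLE_SHA256 = "537800e50ffeee309268aa0e53fe6e3aaf17c99b19eac369dbc5657f0ae418b0"
VIDAR_RESOLVERS = (
    "https://t.me/tg_dailyrunnings",
    "https://mastodon.online/@olegf9844g",
)

# Real registry location behind the "Checks installed software" signature
# (matches HKLM, HKLM\...\WOW6432Node and HKCU variants).
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
# Assumed illustrative wallet markers; the report does not list specific paths.
WALLET_MARKERS = ("\\electrum\\wallets\\", "\\exodus\\", "\\ethereum\\keystore\\", "wallet.dat")
# A DLL loaded from a user-writable directory is treated as a dropped DLL.
WRITABLE_DIR_RE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\appdata|programdata|windows\\temp)\\", re.IGNORECASE
)


@dataclass(frozen=True)
class Finding:
    rule: str
    evidence: str


def sample_matches(data):
    """True when the bytes hash to the report's MD5 and SHA256 (i.e. same sample)."""
    return (hashlib.md5(data).hexdigest() == SAMPLE_MD5
            and hashlib.sha256(data).hexdigest() == SAMPLE_SHA256)


def scan_proxy_log(lines):
    """Assumed format: '<timestamp> <client> <method> <url> <status>'."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue
        if parts[3].rstrip("/") in VIDAR_RESOLVERS:
            findings.append(Finding("Vidar C2 resolver contact", line))
    return findings


def scan_api_trace(lines):
    """Assumed format: '<pid> <api> <argument>'; maps lines to report signatures."""
    findings = []
    for line in lines:
        parts = line.split(maxsplit=2)
        if len(parts) < 3:
            continue
        _pid, api, arg = parts
        arg_l = arg.lower()
        if api.startswith("Reg") and UNINSTALL_KEY_RE.search(arg):
            findings.append(Finding("Checks installed software (Uninstall key)", line))
        elif api.startswith("CreateFile") and any(m in arg_l for m in WALLET_MARKERS):
            findings.append(Finding("Accesses cryptocurrency wallet files", line))
        elif api.startswith("LoadLibrary") and arg_l.endswith(".dll") and WRITABLE_DIR_RE.match(arg):
            findings.append(Finding("Loads dropped DLL", line))
    return findings


def triage(proxy_lines, api_lines):
    """Count findings per rule so a verdict can be asserted on."""
    counts = {}
    for f in scan_proxy_log(proxy_lines) + scan_api_trace(api_lines):
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample input (not taken from the sandbox run).
PROXY_LOG = [
    "2022-07-05T14:03:11Z 10.0.0.12 GET https://t.me/tg_dailyrunnings 200",
    "2022-07-05T14:03:12Z 10.0.0.12 GET https://mastodon.online/@olegf9844g 200",
    "2022-07-05T14:03:15Z 10.0.0.12 GET https://www.microsoft.com/ 200",
]
API_TRACE = [
    r"1234 RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"1234 RegEnumKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
    r"1234 RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"1234 CreateFileW C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet",
    r"1234 CreateFileW C:\Windows\System32\kernel32.dll",
    r"1234 LoadLibraryW C:\ProgramData\nss3.dll",
    r"1234 LoadLibraryW C:\Windows\System32\ws2_32.dll",
]

if __name__ == "__main__":
    for finding in scan_proxy_log(PROXY_LOG) + scan_api_trace(API_TRACE):
        print(f"[{finding.rule}] {finding.evidence}")
    print(triage(PROXY_LOG, API_TRACE))
```

The registry rule deliberately matches any key under CurrentVersion\Uninstall rather than the specific 7-Zip subkey in the constructed trace, since the signature is about enumerating the list, not about any one product; the Run key line is there to show that ordinary registry reads do not trigger it.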