General
Target: ee7f7c6c445805dbd78c7db236658636b5c5f07f38140fa31f81ed0f0b484c0f
Size: 410KB
Sample: 220705-x1639seae5
MD5: 0a4fc3763f95414ba1710f240aa942d9
SHA1: d7dbd0b0e5f53d917382c2273c946c7bd1e40118
SHA256: ee7f7c6c445805dbd78c7db236658636b5c5f07f38140fa31f81ed0f0b484c0f
SHA512: 5563d860842434bbc2130de960676e273492e112643c114a9ec51b95c591a715b2e5335f91c60cf96bd1b8888eac58d264fd7c9e1eb10fed38c46e1b5df07623
Static task: static1

Malware Config
Extracted: vidar
53.1
1519
https://t.me/tg_dailyrunnings
https://mastodon.online/@olegf9844g
profile_id: 1519
Targets
Target: ee7f7c6c445805dbd78c7db236658636b5c5f07f38140fa31f81ed0f0b484c0f
Size: 410KB
MD5: 0a4fc3763f95414ba1710f240aa942d9
SHA1: d7dbd0b0e5f53d917382c2273c946c7bd1e40118
SHA256: ee7f7c6c445805dbd78c7db236658636b5c5f07f38140fa31f81ed0f0b484c0f
SHA512: 5563d860842434bbc2130de960676e273492e112643c114a9ec51b95c591a715b2e5335f91c60cf96bd1b8888eac58d264fd7c9e1eb10fed38c46e1b5df07623

Signatures
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
Vidar Stealer
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.