General
Target: f0dd5cefbafa298fc24dfae541f77b1b.exe
Size: 302KB
Sample: 220717-badhdahdh9
MD5: f0dd5cefbafa298fc24dfae541f77b1b
SHA1: 7977a795f9e97d3579ae2b09d9123ec3dd4d8669
SHA256: 9542b24f1b9c2e97e1ee50aa168a5de141d4a1148b1c1e243b3df7df38f30725
SHA512: 1739508ea181edc2b9ca6fbab8f2b05c4e684ce3b455f5b6113f1dc27fd9d9124e161162bd7b2ac05e406b7e8861e07de44e3d71b898b61a2b1512ba85fbaad4
Static task: static1
Behavioral task: behavioral1
Sample: f0dd5cefbafa298fc24dfae541f77b1b.exe
Resource: win7-20220715-en
Malware Config
Extracted: vidar
53.2
1415
https://t.me/tgch_hijuly
https://c.im/@olegf9844h
profile_id: 1415
Targets
Target: f0dd5cefbafa298fc24dfae541f77b1b.exe
Size: 302KB
MD5: f0dd5cefbafa298fc24dfae541f77b1b
SHA1: 7977a795f9e97d3579ae2b09d9123ec3dd4d8669
SHA256: 9542b24f1b9c2e97e1ee50aa168a5de141d4a1148b1c1e243b3df7df38f30725
SHA512: 1739508ea181edc2b9ca6fbab8f2b05c4e684ce3b455f5b6113f1dc27fd9d9124e161162bd7b2ac05e406b7e8861e07de44e3d71b898b61a2b1512ba85fbaad4
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
Vidar Stealer
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext