General
Target: 4c703552fcaa8da20df176e85db1bf9d.exe
Size: 301KB
Sample: 220717-vfnp3sfbdp
MD5: 4c703552fcaa8da20df176e85db1bf9d
SHA1: f87a578c4e98bfa045b0fb0a8108f3f4aff8942f
SHA256: fabe655e8530dad6f5abe1d7aef163d61defadf25e729c77f22c10ac9b9f64e6
SHA512: 64740e1d74d03198a4b3835cfdb617f30b7f4aebc92d895b5f12552279f37a33dbcca0bf6f8ddf9bf05ed9df650b7dcd97ed77fd3d2006a62f0acc503bf032df
Static task: static1
Behavioral task: behavioral1
Sample: 4c703552fcaa8da20df176e85db1bf9d.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: vidar
Version: 53.2
Botnet: 1415
C2: https://t.me/tgch_hijuly
C2: https://c.im/@olegf9844h
profile_id: 1415
Targets
Target: 4c703552fcaa8da20df176e85db1bf9d.exe
Size: 301KB
MD5: 4c703552fcaa8da20df176e85db1bf9d
SHA1: f87a578c4e98bfa045b0fb0a8108f3f4aff8942f
SHA256: fabe655e8530dad6f5abe1d7aef163d61defadf25e729c77f22c10ac9b9f64e6
SHA512: 64740e1d74d03198a4b3835cfdb617f30b7f4aebc92d895b5f12552279f37a33dbcca0bf6f8ddf9bf05ed9df650b7dcd97ed77fd3d2006a62f0acc503bf032df
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext