General

Target: 894ad7da5feb50234864a95e060d48e5.exe
Size: 292KB
Sample: 220719-w12ywagaa2
MD5: 894ad7da5feb50234864a95e060d48e5
SHA1: e24835829fdd613c5833ff2bd7ea0447c8376a4a
SHA256: f846dfd55ce0099ceda453646bbd75836d41eb0b5b9da30496ca42c831d18ab6
SHA512: b34f90e33baefea5cc2c49bd25a89475d8f3d1a14c8c14ed6fc629d34dabc66ac822228e2cb1316a22f0ea2d45eacc5306ebff2e8e71a0b2bc76e3e274ce162a
Static task: static1
Behavioral task: behavioral1
Sample: 894ad7da5feb50234864a95e060d48e5.exe
Resource (analysis VM image): win7-20220718-en
Malware Config

Extracted
Family: vidar
Version: 53.2
Botnet ID: 1415
C2: https://t.me/tgch_hijuly
C2: https://c.im/@olegf9844h
profile_id: 1415

Note: the two C2 entries are a Telegram channel page and a Mastodon (c.im) profile, not the operator's server. Vidar builds of this period fetch such a public profile page and parse the real C2 address out of it (a dead-drop resolver). Alerting on requests for these exact paths catches the first stage, but the operational C2 host is whatever the profiles pointed at when the sample ran and is not recorded in this extraction.
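The following is an added example, not part of the sandbox report or of the sandbox's own tooling. It turns the extracted dead-drop URLs above into a proxy-log detection: host and path are matched case-insensitively, scheme-agnostically, with a trailing slash or query string tolerated, and with the pattern anchored so that a longer channel name sharing the same prefix is not flagged. The log lines are constructed (Squid native access.log layout is assumed, with the client IP in the third field; the 203.0.113.x addresses are documentation-range placeholders).

```python
"""Scan proxy logs for the Vidar dead-drop resolver pages listed in the config.

Added example: not from the sandbox report. Log lines below are constructed.
"""
import re
from urllib.parse import urlparse

# Indicators transcribed from the "Malware Config / Extracted" block above.
VIDAR_CONFIG = {
    "family": "vidar",
    "version": "53.2",
    "profile_id": "1415",
    "dead_drops": ["https://t.me/tgch_hijuly", "https://c.im/@olegf9844h"],
}

# Constructed Squid-style access.log lines (assumed layout:
# time elapsed client status/code bytes method URL ident hierarchy type).
# 10.0.0.7 fetches both dead-drop pages; 10.0.0.9 visits an unrelated channel
# and a constructed decoy channel that merely shares the prefix; 10.0.0.12 uses an
# upper-case http:// URL with a trailing slash. None of this is from the sandbox run.
SAMPLE_PROXY_LOG = [
    "1658253001.123 412 10.0.0.7 TCP_MISS/200 8123 GET https://t.me/tgch_hijuly - HIER_DIRECT/203.0.113.5 text/html",
    "1658253002.456 301 10.0.0.7 TCP_MISS/200 6411 GET https://c.im/@olegf9844h - HIER_DIRECT/203.0.113.6 text/html",
    "1658253003.789 120 10.0.0.9 TCP_MISS/200 2048 GET https://t.me/telegram - HIER_DIRECT/203.0.113.5 text/html",
    "1658253004.000  98 10.0.0.9 TCP_MISS/200 3000 GET https://t.me/tgch_hijuly_archive - HIER_DIRECT/203.0.113.5 text/html",
    "1658253005.250  77 10.0.0.12 TCP_MISS/200 1200 GET HTTP://C.IM/@olegf9844h/ - HIER_DIRECT/203.0.113.6 text/html",
]


def dead_drop_regex(urls):
    """Build one case-insensitive regex matching host+path of each dead-drop URL.

    The scheme is dropped so the pattern hits full URLs, bare "t.me/..." strings
    and http:// variants. After the path only a slash, whitespace, '?' or '"' or
    end of string may follow, so "t.me/tgch_hijuly_archive" is not a hit, and the
    host must not be preceded by a hostname character, so "evilt.me/..." is not.
    """
    alternatives = []
    for url in urls:
        parts = urlparse(url)
        alternatives.append(
            re.escape(parts.netloc) + re.escape(parts.path) + r'/?(?=[\s?"]|$)'
        )
    return re.compile(r"(?<![\w.-])(?:" + "|".join(alternatives) + ")", re.IGNORECASE)


def scan_proxy_log(lines, urls=VIDAR_CONFIG["dead_drops"]):
    """Return (line_number, client_ip, normalised_match) for each dead-drop fetch."""
    pattern = dead_drop_regex(urls)
    hits = []
    for number, line in enumerate(lines, 1):
        match = pattern.search(line)
        if not match:
            continue
        fields = line.split()
        client = fields[2] if len(fields) > 2 else "?"   # Squid: 3rd field is the client
        hits.append((number, client, match.group(0).lower().rstrip("/")))
    return hits


if __name__ == "__main__":
    for number, client, url in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {number}: {client} fetched Vidar dead drop {url}")
```

Swap the field index for other proxy or DNS log layouts; for DNS-only telemetry the path is unavailable and only t.me / c.im hostnames can be matched, which is far too broad to alert on by itself.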
Targets

Target: 894ad7da5feb50234864a95e060d48e5.exe (292KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Signatures:
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext

SetThreadContext is the API most commonly used to redirect a suspended thread into injected code (process hollowing and thread hijacking). Seen next to "Downloads MZ/PE file" and "Executes dropped EXE" it is consistent with a downloaded second stage being run via injection rather than as a plain child process, but the signature alone does not identify the target process or confirm that.