General
-
Target
96a51ba45cd25d1b58f7e64b3a131ef7c0c25a91ef003f341018abb71de81e4e
-
Size
6.2MB
-
Sample
220725-km41jabfam
-
MD5
07e212515b4c73f9052e7717639d8d5e
-
SHA1
be0dd8e07c98702b4ad0b8e3160d1e975e36ba63
-
SHA256
96a51ba45cd25d1b58f7e64b3a131ef7c0c25a91ef003f341018abb71de81e4e
-
SHA512
886528681608a562a1f8417eed0e03d12b28409244535e95662cc2e1ed19c406c6aa0fd985f46395645cd49f00d8a407dd391dd9f351e547a818952a0ef9dae1
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7-20220718-en
Malware Config
Extracted
Family
vidar
Version
52.1
profile_id
1328
C2 (dead-drop resolvers: Vidar reads these public profile pages to obtain the address of its live C2 server, so the URLs below are lookup points rather than the exfiltration endpoint)
https://t.me/verstappenf1r
https://climatejustice.social/@ronxik312
Targets
-
Target
Setup.exe
-
Size
700.0MB (the 6.2MB submitted file expands to a 700MB executable; a ratio of that order means the binary is padded with highly compressible filler, a common trick to push the file past the size limits of AV scanners and sandbox upload forms)
-
MD5
253758f32cb3d42db3a65c654abe0a2c
-
SHA1
f8979d8f1b3cc72d790bbfe794549bc16a0f64f5
-
SHA256
d8742679698817b4e8494b827c1ac998d0b60dfa8674766de6d64405274f9636
-
SHA512
5f999ab94f7bc61f3f46a367f3e5697ac09b98cf7006c5859d59c4569d1399994adf871f2bac6f2b7ae2659c45a30c365ae38b9b7098706ac10a6262b531bc65
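The size mismatch above (6.2MB in, 700MB out) is the kind of thing worth checking mechanically before spending sandbox time on a sample. The following is an added example, not part of the report or of any sandbox tooling: it parses the PE section table to find where the real image ends, measures the overlay beyond it, and flags the file as inflated when that overlay is large and mostly zero bytes. Because the real Setup.exe is not embedded here, `build_padded_pe` constructs a minimal PE32 with one section plus zero padding as a stand-in; `pe_overlay` and `looks_inflated` are names chosen for this example, and the thresholds are heuristics, not values the report states.

```python
import struct

SECTION_HEADER_SIZE = 40


def build_padded_pe(padding: int) -> bytes:
    """Constructed test input: a minimal PE32 with one 512-byte section,
    followed by `padding` zero bytes. Stands in for an inflated installer;
    it is not derived from the real sample."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic; data directories left zero
    raw_ptr, raw_size = 0x200, 0x200
    # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
    # PointerToRawData, PointerToRelocations, PointerToLinenumbers,
    # NumberOfRelocations, NumberOfLinenumbers, Characteristics
    section = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", raw_size, 0x1000,
                          raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(raw_ptr, b"\0")
    return headers + b"\xCC" * raw_size + b"\0" * padding


def pe_overlay(data: bytes) -> dict:
    """Locate the end of the last section and measure what lies beyond it."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start at +0x60 (PE32) or +0x70 (PE32+); entry 4 is the
    # Authenticode certificate table, whose "VirtualAddress" is a file offset.
    dd = opt + (0x70 if magic == 0x20B else 0x60)
    cert_off, cert_size = struct.unpack_from("<II", data, dd + 4 * 8)
    sect = opt + opt_size
    image_end = sect + nsections * SECTION_HEADER_SIZE
    for i in range(nsections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect + i * SECTION_HEADER_SIZE + 16)
        if raw_size:
            image_end = max(image_end, raw_ptr + raw_size)
    overlay = data[image_end:]
    # A legitimate Authenticode signature also lives in the overlay; do not count it as filler.
    signed = cert_size if cert_size and cert_off >= image_end else 0
    zero_fraction = overlay.count(0) / len(overlay) if overlay else 0.0
    return {
        "file_size": len(data),
        "image_end": image_end,
        "overlay_size": len(overlay),
        "certificate_size": signed,
        "unexplained_bytes": len(overlay) - signed,
        "overlay_zero_fraction": zero_fraction,
    }


def looks_inflated(info: dict, min_ratio: float = 0.5, min_zero_fraction: float = 0.9) -> bool:
    """Heuristic (thresholds are assumptions): most of the file is unexplained
    overlay, and that overlay is mostly zero bytes."""
    if info["file_size"] == 0:
        return False
    ratio = info["unexplained_bytes"] / info["file_size"]
    return ratio >= min_ratio and info["overlay_zero_fraction"] >= min_zero_fraction


if __name__ == "__main__":
    import sys
    # Pass a path to analyse a real file; otherwise analyse the constructed stand-in.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_padded_pe(4 * 1024 * 1024)
    report = pe_overlay(blob)
    print(report, "inflated" if looks_inflated(report) else "not inflated")
```

The overlay is where installers keep legitimate payloads too (self-extractors, signatures), so the zero-fraction check matters as much as the size ratio: a 700MB overlay that is almost entirely zeros is filler, while a large overlay of high-entropy data is more likely an embedded archive and deserves carving rather than dismissal.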
-
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
-
Vidar Stealer
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
Rewrites the register state of another thread, typically to change where it resumes executing; this is characteristic of process hollowing and thread hijacking rather than of a normal installer.
-