General
- Target: 5c05f9a8dbb32441234866476da8c8bc1ec1622d86037cc2171e742e38ea6b25
- Size: 3.6MB
- Sample: 220801-tcdj9sdahm
- MD5: 1700357d6d5e4bf495c60f9230bbdebe
- SHA1: 12b59646e8326b5b0409dc3633e3f443449bcc40
- SHA256: 5c05f9a8dbb32441234866476da8c8bc1ec1622d86037cc2171e742e38ea6b25
- SHA512: 2c688c9e6f4d4f88252a6afbd26a907dd31ac52ebc474f73c1b27b72e7bef5a02c5f8bd6a4e6605d8d89714a356efc2814882c930ba400132c321ee4cacbe023
Static task: static1
Behavioral task: behavioral1
- Sample: 5c05f9a8dbb32441234866476da8c8bc1ec1622d86037cc2171e742e38ea6b25.exe
- Resource: win7-20220715-en
Malware Config
Extracted
- vidar
- 9.2
- 231
- http://wasabinails.com/
- profile_id: 231
Targets
- Target: 5c05f9a8dbb32441234866476da8c8bc1ec1622d86037cc2171e742e38ea6b25
- Vidar Stealer
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.