General
- Target: EC306F0A108C77A02AB48C5C85296C4B3B7D4B690245F.exe
- Size: 2.1MB
- Sample: 220813-wwfj3scfap
- MD5: ca6a56773bcfecf81d5ab307173ff9b3
- SHA1: a9d0ce078ee1b6eb453009235dd9819dfa94cfd1
- SHA256: ec306f0a108c77a02ab48c5c85296c4b3b7d4b690245f9dd8a67df774b641cf8
- SHA512: 4943b2a2d7692b8b10b86026e8e77f794717f18cb3a2d427c450489fecfb1b559dbd133069a0f97040c976e99c44927c7104059e288a9982777f1f6ea91ed39b

Static task
- static1

Behavioral task
- behavioral1
- Sample: EC306F0A108C77A02AB48C5C85296C4B3B7D4B690245F.exe
- Resource: win7-20220812-en

Malware Config
Extracted
- Family: vidar
- Version: 39.7
- Botnet: 706
- C2: https://shpak125.tumblr.com/
- Attributes: profile_id 706
Targets
- Target: EC306F0A108C77A02AB48C5C85296C4B3B7D4B690245F.exe
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.