General
-
Target
7811c8e24019a783e1c72e7eeb58215f.bin
-
Size
1.4MB
-
Sample
230329-bsv55sfh7v
-
MD5
a2f92d82ceeb7793ea8220a504883b30
-
SHA1
0ff679e96157ea8eeb36800a8533c7cf6f1d2d31
-
SHA256
d31807444bfccc0098292f170da09220ed8f5c1aaccf08d9d01c9438c7e0c4f8
-
SHA512
eb496c1c8e33ee9b62fa1b6aa99039120bdf361ff69227167b462b2330622eb5c9021555de2620c26860f5022acd2fe73628c1e09a378303ecd8a78e85742a15
-
SSDEEP
24576:U+3ZR8V8/yLMTT9qS9/DBFev0JhQ9j9rIO9DzSH2V5dU1lz3:UkZR86/yLMHH9/Di2hCJxx5dKlz3
Malware Config
Extracted
vidar
3.1
ba1fc89d9f7df84dadf34886aabb246c
https://t.me/owned001
http://65.109.236.2:80
https://t.me/tabootalks
https://steamcommunity.com/profiles/76561199472266392
http://135.181.26.183:80
-
profile_id_v2
ba1fc89d9f7df84dadf34886aabb246c
-
user_agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 OPR/91.0.4516.79
Targets
-
-
Target
b70354fa72344ed5262ef55243ab71e20149fcd87ec772b4b77ea44c93ff79b8.exe
-
Size
1.7MB
-
MD5
7811c8e24019a783e1c72e7eeb58215f
-
SHA1
d21422ed627d291a80e08fa77d3cfc126e94d4cc
-
SHA256
b70354fa72344ed5262ef55243ab71e20149fcd87ec772b4b77ea44c93ff79b8
-
SHA512
1f6299d5df5fa6c59f5cefe1a4b64e19511e5308c82d279d237bf1d6492fcc7e01eff349382c9dfddaf51e01f55d735849c6ba351f86a4fa437dae811efbcf10
-
SSDEEP
24576:IzYyxHFKIlJX0oXMAsksIyESF/PvWGS5JcT1pWNpFj6zpe3rNNyJfOxmsAYQCOUO:+YyjxM3kMF/Eb+o3QYQJURnCyZrxS
Score10/10-
Detects LgoogLoader payload
-
LgoogLoader
A downloader capable of dropping and executing other malware families.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Loads dropped DLL
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-