General
Target: build.exe
Size: 440KB
Sample: 230615-fh3vfsef9s
MD5: de17f08614075bd220aed0b7b1ca10ba
SHA1: 27f280eda8b8d6341583d5504969774bef653802
SHA256: 2638665faa18517d0165b96afc33c533441b6a13e624de1df518eaf36499f5c4
SHA512: 04689284b82494bb123616a3e17b5cfab307a0da01dde1f610a0ed0070f0112f071369670f7f3d2f52d213211f59119758c0c1786a88c23bcabedee192f40759
SSDEEP: 12288:0/Q/Xf7amzqCbLa1s7T0LgKA0EtJ+mRzExk7SzmkI9p:4Q3Xw/K+QqDKkyp
Static task: static1
Behavioral task: behavioral1
Sample: Device/HarddiskVolume4/Users/agastinj/AppData/Roaming/build.exe
Resource: win7-20230220-en
Malware Config
Extracted
Family: vidar
Version: 34.3
Botnet: 399
C2: http://ps5rent.com/
profile_id: 399
Targets
Target: Device/HarddiskVolume4/Users/agastinj/AppData/Roaming/build.exe
Size: 621KB
MD5: 81ce57bc6b0c4894ad94120fd0f57b69
SHA1: bee7602331f2c867c06d8b9d097bba81ac27792c
SHA256: 176b654a691b195db171e1c3d179afc365adbd5fd97b515a1dd7241cd0f974d9
SHA512: 0e7b5b7561f2eda562f0a755c02d84b044b9045ee2d94b5efa51e3b37d5bb2be7099f44a0a945584ff86857f0d09dc2692e8649bd20405f6b71c91c55dd3fe71
SSDEEP: 12288:qlwg5g9LzIF4chsOkcXae5NDhNqjRAretmWyiUb:e/5IHG4xo5lKketRyd
Signatures
Vidar Stealer
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Deletes itself
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.