General
Target: build.exe
Size: 414KB
Sample: 230815-zc4pcafe3s
MD5: bd06b62ea4fff09796fb732d7acf43e4
SHA1: 2142df9d749c1a2edfb8c1b44312bea3832cc67a
SHA256: eca20cc3b0e127c5c59470de5454b37c8b1842463e3f2b3245580ae4a853d674
SHA512: fd26138e42a703896a4e7bba4027aaae509af5f88806e1fe92e1056f10753c30ad2526d43db5eb8820b0aede40aa9d837f295c0cf5234b210e59a67aa929ed74
SSDEEP: 12288:Fr4yGQgl94bv2an9Oo9FHqKAf6nAtK2iGf26iAQs/JgL:Fr4dQgC9ZAf6nfDGfuAQsCL
Static task: static1
Behavioral task: behavioral1
Sample: Device/HarddiskVolume3/Users/Admin/AppData/Roaming/build.exe
Resource: win7-20230712-en
Malware Config
Extracted
vidar
34.4
399
http://sbershit.com/
profile_id: 399
Targets
Target: Device/HarddiskVolume3/Users/Admin/AppData/Roaming/build.exe
Size: 602KB
MD5: 1f32c9fe22d20b1c1de8ce1100819696
SHA1: ed8f1fa0d50b3a3259bf43994b9e2de8aacf9b1c
SHA256: 8f3f642ed05e0a68e33f52a06c4d44ab17b529760af1771a92f711506e9041a5
SHA512: 5b85cd4a741421779db33facc9152cc0e1e3dd2fa508e300780f9f64d5083fcdd6f633ae4a52fedc0a1b99bc72400b6b2fcc2e9f0faa764805c78732632b2421
SSDEEP: 12288:R1hZzraRO4obSEuA5vIWPIu1CDkAzP3hvLAG:R1fuSbSjyPIPkAzvhDA
Vidar Stealer
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-