General

Target: NEAS.94c3d62d1cd694ac81760f0816b44730.exe
Size: 630KB
Sample: 231028-nt6dqabg44
MD5: 94c3d62d1cd694ac81760f0816b44730
SHA1: 8b9b35b7685c9118caa21e9142077c2fa65c01ff
SHA256: 2bfc91f4857cab7263337f39429a2f529f42eb2978f372011c4c9cc6e0c55ccf
SHA512: 2775f9078572c709e0f2e6640b1619fe8f5f52e1fdb2ea583868a68f3ffe4160a692bd4ffba0fdd28975c970c165b3ace745530abc3dbe95644869f284e02e0f
SSDEEP: 12288:14Xa10WFCgyU/9Ct7SiRzdHTSiTfFUITI9q6LEdPi7f2Q3:1l10WFlFS/DTfFUJ9qTdPiyA

Static task: static1
Behavioral task: behavioral1
Sample: NEAS.94c3d62d1cd694ac81760f0816b44730.exe
Resource: win7-20231023-en
Malware Config

Extracted
Family: vidar
Version: 39.8
Botnet: 933
C2: https://xeronxikxxx.tumblr.com/
Attributes: profile_id 933

The extracted C2 is a profile page on a legitimate hosting service, not the stealer's own endpoint: Vidar-family samples fetch such a page and read the live C2 address out of it, so the address resolved from that page is an indicator to hunt for alongside the URL itself.
Targets

Target: NEAS.94c3d62d1cd694ac81760f0816b44730.exe
Signatures:

- Vidar Stealer
- XMRig Miner payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence that decides whether the stealer runs on this host.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2 (the tumblr.com profile listed in the extracted config).
- Suspicious use of SetThreadContext: consistent with code injection such as process hollowing, where a dropped payload is written into another process and one of its threads is redirected to it.
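As an added example (not part of the sandbox report and not Vidar's own code), the following Python helper checks a file against the hashes listed above and pulls C2 candidates out of a fetched copy of the dead-drop profile page. The URL/IP patterns and the tumblr.com ignore-list are assumptions of this example; how Vidar's own parser locates the address in the page is not described on this page. The sample page body in the self-test is constructed.

```python
"""Offline triage helpers for the indicators in this report.
Added example; not part of the sandbox report and not Vidar's own code."""
import hashlib
import io
import re

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "94c3d62d1cd694ac81760f0816b44730",
    "sha1": "8b9b35b7685c9118caa21e9142077c2fa65c01ff",
    "sha256": "2bfc91f4857cab7263337f39429a2f529f42eb2978f372011c4c9cc6e0c55ccf",
    "sha512": "2775f9078572c709e0f2e6640b1619fe8f5f52e1fdb2ea583868a68f3ffe4160a"
              "692bd4ffba0fdd28975c970c165b3ace745530abc3dbe95644869f284e02e0f",
}
DEAD_DROP = "https://xeronxikxxx.tumblr.com/"


def digests_of(fileobj, chunk_size=1 << 20):
    """Stream a binary file object once and return lowercase hex digests
    for every algorithm listed in REPORT_HASHES."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_bytes(data):
    """Same as digests_of, for data already in memory."""
    return digests_of(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return digests_of(fh)


def match_report(digests, iocs=REPORT_HASHES):
    """Names of the algorithms whose digest equals the report's value.
    An empty list means the file is not this sample. A SHA-256 or SHA-512
    match is conclusive on its own; an MD5-only match is weak evidence."""
    return sorted(
        name for name, value in iocs.items()
        if name in digests and digests[name] == value.lower()
    )


# Assumed patterns for pulling a live C2 out of a dead-drop profile page.
URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+(?::\d{1,5})?(?:/[^\s\"'<>]*)?")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?\b")


def extract_c2_candidates(page_body, ignore_domains=("tumblr.com",)):
    """Return URL and host:port candidates found in a fetched page body,
    minus anything on the hosting service itself. The profile page is a
    dead drop: the operator edits the real C2 into it and the stealer
    fetches and parses it. The patterns used here are an assumption."""
    urls = URL_RE.findall(page_body)
    # Scan for bare IPs only in the text that is left after removing URLs,
    # so an IP that is the host of a URL is not reported twice.
    bare_ips = IPV4_RE.findall(URL_RE.sub(" ", page_body))
    candidates = set(urls) | set(bare_ips)
    return sorted(c for c in candidates if not any(d in c for d in ignore_domains))


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        d = hash_file(path)
        hits = match_report(d)
        print(f"{path}: sha256={d['sha256']} matched={hits or 'none'}")
```

Run it as `python triage_iocs.py <file>` (file name is an assumption) to check suspect files against the report; for the resolver, fetch the profile page from an isolated analysis host and pass the body to `extract_c2_candidates`, then treat whatever it returns as the address to hunt for in proxy and DNS logs.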