General
-
Target
9eaae8e37d67a66203912ee78be8c3bd
-
Size
617KB
-
Sample
240215-1tmb3ahf7y
-
MD5
9eaae8e37d67a66203912ee78be8c3bd
-
SHA1
dd0975d6b7a28cf0730495d6873e220d4064081e
-
SHA256
5acfa6fa8892b4a6fd659c5e05cd5c80a1e51c4b80c11e9fa0ba477f2e6137d9
-
SHA512
7342dbe3474338c6ad8b6b188825e89c0ecafe29d4333d77d796ea1c77c79ac94a30abbba539a8a98943498bc142b24f51dead25e5271b7c0e138f335388c870
-
SSDEEP
12288:V5VqlAqsvyBT04oKO1ua1Ua/KQOK5+NfYdQNUfs4jEwd7JBujxId+2LU:V5vvU6VqK8Qd1sOBdjujxxs
Static task
static1
Behavioral task
behavioral1
Sample
9eaae8e37d67a66203912ee78be8c3bd.exe
Resource
win7-20231215-en
Malware Config
Extracted
vidar
8
237
http://hospitaleco.com/
-
profile_id
237
Targets
Vidar Stealer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.