General
Target: file
Size: 310KB
Sample: 240229-xvdjrsad44
MD5: bee6e839a24e1402cace0b87fedf9b93
SHA1: 2183f660ffe8bc1b3173a32e89ce80e6f5df679e
SHA256: 66b61a05558ee51a5a6ba2304d14ceb924625da91d352af4d0c577ba2f1a32e1
SHA512: bacf9c0637509461497f220c361532418c9ca97e8f0b0071658ec52043f09318f2066227ed301eea6e8575a6d3d785c32ada0511415c00589512d973288577b3
SSDEEP: 3072:WiFgAkHnjP/Q6KSEy/bHKPaW+LN7DxRLlzglKjhl49:HgAkHnjP/QBSE0qPCN7jBjhl49
Static task: static1
Behavioral task: behavioral1
Sample: file.html
Resource: win10-20240221-en
Malware Config
Extracted family: vidar
Version: 7.8
Profile/build ID (profile_id_v2): 97b92d10859a319d8736cd53ff3f8868
C2: http://5.252.118.12:80
Dead-drop resolvers (legitimate pages the stealer fetches to learn its current C2; Vidar publishes the C2 address in a Telegram channel description or a Steam profile name, so these URLs are hunting pivots, not C2 infrastructure you can block outright):
- https://t.me/voolkisms
- https://t.me/karl3on
- https://steamcommunity.com/profiles/76561199637071579
user_agent: Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9
Note: the user agent is hard-coded in the sample and claims a Linux Konqueror browser. Seen from a Windows 10 host it is an anomaly worth hunting for in proxy logs, but it identifies this build rather than Vidar in general; other builds ship other strings.
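The extracted config gives three network signals worth hunting for together: the hard-coded user agent, traffic to the configured C2, and the dead-drop sequence (a fetch of a Telegram or Steam profile page followed shortly by a request to a bare IP from the same client). The following Python is an added example, not code from the sandbox report, the sandbox vendor or Vidar itself; the log format, the sample log lines and the 120-second correlation window are assumptions, and the indicator values are copied from the config above.

```python
"""Hunt proxy logs for the Vidar network pattern in this report's extracted config.

Added example; not code from the sandbox report, the sandbox vendor or Vidar.
Assumptions: a constructed log format, constructed sample lines, and a
120-second window for the dead-drop-then-C2 correlation.
"""
import re
from datetime import datetime, timedelta
from ipaddress import ip_address
from urllib.parse import urlsplit

# Indicators taken from the extracted config on this page.
VIDAR_UA = ("Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 "
            "(like Gecko) Konqueror/4.9")
C2_HOSTS = {"5.252.118.12"}
# Legitimate services used as dead-drop resolvers; never block these outright.
DEAD_DROP_HOSTS = {"t.me", "steamcommunity.com"}
DEAD_DROP_WINDOW = timedelta(seconds=120)  # assumption; tune to your environment

# Assumed log format: <ISO-8601 time> <client ip> <method> <url> "<user agent>"
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, src, method, url, ua = m.groups()
    return {"ts": datetime.fromisoformat(ts), "src": src, "method": method,
            "url": url, "host": urlsplit(url).hostname or "", "ua": ua}


def is_bare_ip(host):
    """True when the request went to a literal IP address rather than a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def hunt(lines):
    """Return (client, signal, detail) tuples. Signals: vidar_user_agent,
    known_c2, dead_drop_then_bare_ip_c2 (Telegram/Steam fetch followed within
    DEAD_DROP_WINDOW by a bare-IP request from the same client)."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    hits = []
    last_dead_drop = {}  # client ip -> (timestamp, dead-drop host)
    for e in events:
        if e["ua"] == VIDAR_UA:
            hits.append((e["src"], "vidar_user_agent", e["url"]))
        if e["host"] in C2_HOSTS:
            hits.append((e["src"], "known_c2", e["url"]))
        if e["host"] in DEAD_DROP_HOSTS:
            last_dead_drop[e["src"]] = (e["ts"], e["host"])
        elif is_bare_ip(e["host"]):
            prev = last_dead_drop.get(e["src"])
            if prev and e["ts"] - prev[0] <= DEAD_DROP_WINDOW:
                hits.append((e["src"], "dead_drop_then_bare_ip_c2",
                             f"{prev[1]} -> {e['url']}"))
    return hits


def clients_with_full_chain(hits):
    """Clients showing all three signals: the high-confidence set to triage first."""
    signals = {}
    for src, signal, _ in hits:
        signals.setdefault(src, set()).add(signal)
    wanted = {"vidar_user_agent", "known_c2", "dead_drop_then_bare_ip_c2"}
    return {src for src, s in signals.items() if wanted <= s}


# Constructed sample lines (not real traffic). 10.0.0.7 replays the infection
# pattern; 10.0.0.8 browses Steam and much later fetches an unrelated bare-IP URL.
WIN_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/122.0 Safari/537.36"
SAMPLE_LOG = [
    f'2024-02-29T10:00:00 10.0.0.7 GET https://www.bing.com/ "{WIN_UA}"',
    f'2024-02-29T10:00:05 10.0.0.7 GET https://steamcommunity.com/profiles/76561199637071579 "{VIDAR_UA}"',
    f'2024-02-29T10:00:06 10.0.0.7 GET https://t.me/voolkisms "{VIDAR_UA}"',
    f'2024-02-29T10:00:09 10.0.0.7 POST http://5.252.118.12:80/ "{VIDAR_UA}"',
    f'2024-02-29T10:01:00 10.0.0.8 GET https://steamcommunity.com/app/570 "{WIN_UA}"',
    f'2024-02-29T10:30:00 10.0.0.8 GET http://192.0.2.10/update.bin "{WIN_UA}"',
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
    print("full chain:", clients_with_full_chain(hunt(SAMPLE_LOG)))
```

The dead-drop correlation alone is noisy on any network where people browse Steam or Telegram, which is why the example reports it as one signal among three and only promotes clients that show the complete chain; the user-agent match is the strongest single pivot for this build, and the C2 IP is the only indicator here that is safe to block.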
Targets
Target: file
Score: 10/10
Signatures:
- Detect Vidar Stealer (family detection, consistent with the extracted config above)
- Suspicious use of NtCreateProcessExOtherParentProcess (a process was created with a parent other than the caller, i.e. parent-PID spoofing, which defeats naive parent/child process-tree correlation)
- Downloads MZ/PE file (the submitted sample is an HTML file; a Windows executable was fetched over the network during the run)
- Executes dropped EXE (a dropped executable was launched)