General
-
Target
62cb8ffcd08fadd1ea237743e3d45715e1cd980060996e8f6e57e03f2b6eef52
-
Size
545KB
-
Sample
240412-1nwcsaaa2x
-
MD5
40fb348c1092ed74766def033e31a413
-
SHA1
a67589149215ec3ed06a6572bceb79af90f6b6a0
-
SHA256
62cb8ffcd08fadd1ea237743e3d45715e1cd980060996e8f6e57e03f2b6eef52
-
SHA512
a90da55944759c98f434d7ce8f81996d4dff537dd48526d48a32def753cdf54640551e12d7fda31a917ec6cf5e8e502fc6c4734551a9044f8f73ba94738dee17
-
SSDEEP
12288:mSAF2Na9oopVqwFG4qOdIDfo1jWDfXPPPnz76AhXBFJ:mOa9oG3FG4qPfoIDf/Pb7XXBn
Behavioral task
behavioral1
Sample
62cb8ffcd08fadd1ea237743e3d45715e1cd980060996e8f6e57e03f2b6eef52.exe
Resource
win7-20240221-en
Malware Config
Extracted
vidar
8.3
237
http://hosportos.com/
-
profile_id
237
Targets
-
-
Target
62cb8ffcd08fadd1ea237743e3d45715e1cd980060996e8f6e57e03f2b6eef52
-
Size
545KB
-
MD5
40fb348c1092ed74766def033e31a413
-
SHA1
a67589149215ec3ed06a6572bceb79af90f6b6a0
-
SHA256
62cb8ffcd08fadd1ea237743e3d45715e1cd980060996e8f6e57e03f2b6eef52
-
SHA512
a90da55944759c98f434d7ce8f81996d4dff537dd48526d48a32def753cdf54640551e12d7fda31a917ec6cf5e8e502fc6c4734551a9044f8f73ba94738dee17
-
SSDEEP
12288:mSAF2Na9oopVqwFG4qOdIDfo1jWDfXPPPnz76AhXBFJ:mOa9oG3FG4qPfoIDf/Pb7XXBn
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing SQL queries to confidential data stores. Observed in infostealers
-
UPX dump on OEP (original entry point)
-
Vidar Stealer
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-