General
-
Target
2024-04-28_90588afa689d1ecdedee6fb57bf5b635_bkransomware
-
Size
18.3MB
-
Sample
240428-xrjavaeh91
-
MD5
90588afa689d1ecdedee6fb57bf5b635
-
SHA1
1f49217a42a8f75246c6953749441599d6d97007
-
SHA256
4de1f09c88032d3ec4421c72b04e07f43edf853e32808c4292929637c44534ef
-
SHA512
eb70df8a0134942f4e295a8ecc15845963ae89323c53f1966f3043d1c9536706729495b25ea81541cc062e6ad57e9753ca87d42555002b9477e40917232aacc6
-
SSDEEP
393216:9ml9mCKuyLVEvd9LpBXVujtA6UX5K0r+Xh1SgXrnKXzM6Fw:9mzmnuTBBQjtA3XDrCAIT2tFw
Malware Config
Targets
-
-
Target
2024-04-28_90588afa689d1ecdedee6fb57bf5b635_bkransomware
-
Size
18.3MB
-
MD5
90588afa689d1ecdedee6fb57bf5b635
-
SHA1
1f49217a42a8f75246c6953749441599d6d97007
-
SHA256
4de1f09c88032d3ec4421c72b04e07f43edf853e32808c4292929637c44534ef
-
SHA512
eb70df8a0134942f4e295a8ecc15845963ae89323c53f1966f3043d1c9536706729495b25ea81541cc062e6ad57e9753ca87d42555002b9477e40917232aacc6
-
SSDEEP
393216:9ml9mCKuyLVEvd9LpBXVujtA6UX5K0r+Xh1SgXrnKXzM6Fw:9mzmnuTBBQjtA3XDrCAIT2tFw
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-