General
-
Target
1b233f8e414b10c0abf1c928d519bbaf2cada53d9fb0d38304f00132e3c511de
-
Size
3.6MB
-
Sample
240711-2fln2sxcjj
-
MD5
014e476ed0b569ec55b9be8258635857
-
SHA1
ae2dee25bafd624c5569fbdfbfdcef34feba485f
-
SHA256
1b233f8e414b10c0abf1c928d519bbaf2cada53d9fb0d38304f00132e3c511de
-
SHA512
618a63ef553452e5c94234296f2e16b95a65831c7cbe1ecf956494ac2809c3efe30146ec21f41f73d89f35d72b267e81fae79c6d5a8729193449101bf1f179cf
-
SSDEEP
49152:FhwUx4aoQcVi4hgTxcROpTpg0f0QVDzumvcaPf/gvW1SGLubg:vwa4aoQt4ySOpTbl/vczvSSGSbg
Static task
static1
Behavioral task
behavioral1
Sample
1b233f8e414b10c0abf1c928d519bbaf2cada53d9fb0d38304f00132e3c511de.exe
Resource
win7-20240708-en
Malware Config
Extracted
vidar
https://steamcommunity.com/profiles/76561199735694209
https://t.me/puffclou
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1
Extracted
lumma
https://contemplateodszsv.shop/api
https://applyzxcksdia.shop/api
https://replacedoxcjzp.shop/api
https://declaredczxi.shop/api
https://catchddkxozvp.shop/api
https://arriveoxpzxo.shop/api
https://bindceasdiwozx.shop/api
https://conformfucdioz.shop/api
https://reinforcedirectorywd.shop/api
Targets
-
-
Target
1b233f8e414b10c0abf1c928d519bbaf2cada53d9fb0d38304f00132e3c511de
-
Size
3.6MB
-
MD5
014e476ed0b569ec55b9be8258635857
-
SHA1
ae2dee25bafd624c5569fbdfbfdcef34feba485f
-
SHA256
1b233f8e414b10c0abf1c928d519bbaf2cada53d9fb0d38304f00132e3c511de
-
SHA512
618a63ef553452e5c94234296f2e16b95a65831c7cbe1ecf956494ac2809c3efe30146ec21f41f73d89f35d72b267e81fae79c6d5a8729193449101bf1f179cf
-
SSDEEP
49152:FhwUx4aoQcVi4hgTxcROpTpg0f0QVDzumvcaPf/gvW1SGLubg:vwa4aoQt4ySOpTbl/vczvSSGSbg
-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-