General
-
Target
d1c5dce3d438c76addcfed20a46330ddadbe829fd49452f5728414057b441923
-
Size
5.0MB
-
Sample
240712-hq2ngavfqf
-
MD5
63138dfb6f059b316cef364b01ce34e6
-
SHA1
5c225a8f99eb3992a0a0ce416648fef02023244d
-
SHA256
d1c5dce3d438c76addcfed20a46330ddadbe829fd49452f5728414057b441923
-
SHA512
69a40a3e156ed950458fc6f79fffd42b2ee67a03be616b2874aa3dd1e60ded73a363e8f8d82543b8b0fa00f626439508f799c06a559e3466b589d7e6d3e1fb78
-
SSDEEP
98304:WPaFb2DelKDuO4za6WtlXtAJMT1VqHuH3qk8Nfs9H+:fFailK6O418NtAST1eM/8Nfs9H+
Static task
static1
Behavioral task
behavioral1
Sample
d1c5dce3d438c76addcfed20a46330ddadbe829fd49452f5728414057b441923.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
vidar
https://steamcommunity.com/profiles/76561199735694209
https://t.me/puffclou
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1
Extracted
lumma
https://contemplateodszsv.shop/api
https://applyzxcksdia.shop/api
https://replacedoxcjzp.shop/api
https://declaredczxi.shop/api
https://catchddkxozvp.shop/api
https://arriveoxpzxo.shop/api
https://bindceasdiwozx.shop/api
https://conformfucdioz.shop/api
https://reinforcedirectorywd.shop/api
Targets
-
-
Target
d1c5dce3d438c76addcfed20a46330ddadbe829fd49452f5728414057b441923
-
Size
5.0MB
-
MD5
63138dfb6f059b316cef364b01ce34e6
-
SHA1
5c225a8f99eb3992a0a0ce416648fef02023244d
-
SHA256
d1c5dce3d438c76addcfed20a46330ddadbe829fd49452f5728414057b441923
-
SHA512
69a40a3e156ed950458fc6f79fffd42b2ee67a03be616b2874aa3dd1e60ded73a363e8f8d82543b8b0fa00f626439508f799c06a559e3466b589d7e6d3e1fb78
-
SSDEEP
98304:WPaFb2DelKDuO4za6WtlXtAJMT1VqHuH3qk8Nfs9H+:fFailK6O418NtAST1eM/8Nfs9H+
-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-