General
-
Target
2ffef01bdc9bae49a79e618e8300421e0bb8aa08b2d0c81fbea2b76d12c49375.exe
-
Size
559KB
-
Sample
241010-nc9ptavbkd
-
MD5
ab42cac4652c80d4884a0647e191fb9b
-
SHA1
397ccfc27b441e39cdfe1003723cc5bda338162f
-
SHA256
2ffef01bdc9bae49a79e618e8300421e0bb8aa08b2d0c81fbea2b76d12c49375
-
SHA512
6b8259b78449e5f5d48fcf5bd1aef04a2de46908127a3ab7aa642aa124f2f1e7290349cdadb1549134cb65a845ae81d43241d20d0a159ba731fa7798e97da03a
-
SSDEEP
12288:PFdmQisJRpSFxTMiLRNdLomAUt36Fo2vSehEzbiUpQP2EO:z7RoD7RbLAUZ2QG2t
Static task
static1
Behavioral task
behavioral1
Sample
2ffef01bdc9bae49a79e618e8300421e0bb8aa08b2d0c81fbea2b76d12c49375.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
2ffef01bdc9bae49a79e618e8300421e0bb8aa08b2d0c81fbea2b76d12c49375.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vidar
http://proxy.johnmccrea.com/
https://steamcommunity.com/profiles/76561199780418869
https://t.me/ae5ed
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Targets
-
-
Target
2ffef01bdc9bae49a79e618e8300421e0bb8aa08b2d0c81fbea2b76d12c49375.exe
-
Size
559KB
-
MD5
ab42cac4652c80d4884a0647e191fb9b
-
SHA1
397ccfc27b441e39cdfe1003723cc5bda338162f
-
SHA256
2ffef01bdc9bae49a79e618e8300421e0bb8aa08b2d0c81fbea2b76d12c49375
-
SHA512
6b8259b78449e5f5d48fcf5bd1aef04a2de46908127a3ab7aa642aa124f2f1e7290349cdadb1549134cb65a845ae81d43241d20d0a159ba731fa7798e97da03a
-
SSDEEP
12288:PFdmQisJRpSFxTMiLRNdLomAUt36Fo2vSehEzbiUpQP2EO:z7RoD7RbLAUZ2QG2t
Score10/10-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-