General
-
Target
1bc68d708e953bf10bbf6744a6b91b28.exe
-
Size
959KB
-
Sample
241121-gzwcdayfjg
-
MD5
1bc68d708e953bf10bbf6744a6b91b28
-
SHA1
a6938a273e7a82cf4909ca40d224a6430f6a2860
-
SHA256
9c46859695bed9bd827e2292e634c39e2982f40d9be6b170d185ae154a1a6a5f
-
SHA512
d402f564fc707cdfd6b0853da5c70f0fe7b87e933ce4ff27b28325497dc70439db82bb02c12ed7f1ed804ee3730278117302489c645efbade654f7a9bbd48a06
-
SSDEEP
24576:2aTm8nQDF5o5nsuru7m/vQ4MYTsPP+1b3PqfRQ2/9:7pQR2RszOQ4JgPYb3YR/9
Static task
static1
Behavioral task
behavioral1
Sample
1bc68d708e953bf10bbf6744a6b91b28.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1bc68d708e953bf10bbf6744a6b91b28.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vidar
11.5
583ba11aa826bd4d97a3a14cb18c8fac
https://t.me/gos90t
https://steamcommunity.com/profiles/76561199800374635
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Targets
-
-
Target
1bc68d708e953bf10bbf6744a6b91b28.exe
-
Size
959KB
-
MD5
1bc68d708e953bf10bbf6744a6b91b28
-
SHA1
a6938a273e7a82cf4909ca40d224a6430f6a2860
-
SHA256
9c46859695bed9bd827e2292e634c39e2982f40d9be6b170d185ae154a1a6a5f
-
SHA512
d402f564fc707cdfd6b0853da5c70f0fe7b87e933ce4ff27b28325497dc70439db82bb02c12ed7f1ed804ee3730278117302489c645efbade654f7a9bbd48a06
-
SSDEEP
24576:2aTm8nQDF5o5nsuru7m/vQ4MYTsPP+1b3PqfRQ2/9:7pQR2RszOQ4JgPYb3YR/9
-
Detect Vidar Stealer
-
Vidar family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates processes with tasklist
-