General
-
Target
noll.exe
-
Size
384KB
-
Sample
241218-mg376awmhr
-
MD5
d78f753a16d17675fb2af71d58d479b0
-
SHA1
71bfc274f7c5788b67f7cfae31be255a63dcf609
-
SHA256
ad9c40c2644ff83e0edbc367c6e62be98c9632157433108c03379351fe7aeca5
-
SHA512
60f4ebe4226fae95f6f1767d6f5fff99f69a126f0c827384c51745c512f495b001051d4273ca23bc177ec2c0511ec7f9ae384e3a5e88e29ce278ac45a55a39b8
-
SSDEEP
6144:elqPvKpKJNJGyRlyY8aSp0Vbux0R4kF/Y/o8+:emRJNMalyjaO0Ix6BY/s
Behavioral task
behavioral1
Sample
noll.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
noll.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vidar
11
2ee1445fc63bc20d0e7966867b13e0e1
https://steamcommunity.com/profiles/76561199780418869
https://t.me/ae5ed
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Targets
-
-
Target
noll.exe
-
Size
384KB
-
MD5
d78f753a16d17675fb2af71d58d479b0
-
SHA1
71bfc274f7c5788b67f7cfae31be255a63dcf609
-
SHA256
ad9c40c2644ff83e0edbc367c6e62be98c9632157433108c03379351fe7aeca5
-
SHA512
60f4ebe4226fae95f6f1767d6f5fff99f69a126f0c827384c51745c512f495b001051d4273ca23bc177ec2c0511ec7f9ae384e3a5e88e29ce278ac45a55a39b8
-
SSDEEP
6144:elqPvKpKJNJGyRlyY8aSp0Vbux0R4kF/Y/o8+:emRJNMalyjaO0Ix6BY/s
-
Detect Vidar Stealer
-
Vidar family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-