General
-
Target
RalphCvs.exe
-
Size
863KB
-
Sample
241218-r4e63asnat
-
MD5
1f4548aac2c166bacd286c6f5243908f
-
SHA1
4f1aa4c962860e6c80c626c367ce60b87fc62022
-
SHA256
023b8573a4295c5f78f6e89b13062e5c185d74e57d2b1c8ec066393bba87313a
-
SHA512
889bb965859ef077ced15d0f15e4c75b743726582841b72b9634f958749671325965a1ee99c680d72db1b19a5b05a4868b7017baa73c7b88673a96689e32ce93
-
SSDEEP
24576:wy0fEYxFMyNiAX1dwhCEcAXWnKu4UaOa1/lLD:3AjP1dwhCVvnKXUaOU/lLD
Static task
static1
Behavioral task
behavioral1
Sample
RalphCvs.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
RalphCvs.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
RalphCvs.exe
-
Size
863KB
-
MD5
1f4548aac2c166bacd286c6f5243908f
-
SHA1
4f1aa4c962860e6c80c626c367ce60b87fc62022
-
SHA256
023b8573a4295c5f78f6e89b13062e5c185d74e57d2b1c8ec066393bba87313a
-
SHA512
889bb965859ef077ced15d0f15e4c75b743726582841b72b9634f958749671325965a1ee99c680d72db1b19a5b05a4868b7017baa73c7b88673a96689e32ce93
-
SSDEEP
24576:wy0fEYxFMyNiAX1dwhCEcAXWnKu4UaOa1/lLD:3AjP1dwhCVvnKXUaOU/lLD
Score10/10-
Detect Vidar Stealer
-
Vidar family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates processes with tasklist
-