General
- Target: 416b40630daa924136b9d10e0faa8c800a7a882416f4e5b7944f9bc2553a414b.exe
- Size: 4.4MB
- Sample: 240701-bf16mavckj
- MD5: c5f20b0cb835adff91c281ba3e9995e3
- SHA1: b7edfc4fb9befe9acf241e423741e27d68dfd832
- SHA256: 416b40630daa924136b9d10e0faa8c800a7a882416f4e5b7944f9bc2553a414b
- SHA512: 233587e39de30cfa0a9526fb041f9c9c70a1e7574e8bd8d934f7b795f3eff2a8aa8e98f20a7fcb06f00c85c233461d56bbabb4bba39c1ac4869839e3f0022678
- SSDEEP: 49152:e+PcYB/o36ki63Hw4/uzcdl3ne2xAOVmmgZV099snm9pswB0Nq7:tPcYB/y6ki6PnuwT06sajB0Nq7
Static task: static1
Behavioral task: behavioral1
- Sample: 416b40630daa924136b9d10e0faa8c800a7a882416f4e5b7944f9bc2553a414b.exe
- Resource: win7-20240508-en
Malware Config
Extracted: vidar
- https://t.me/g067n
- https://steamcommunity.com/profiles/76561199707802586
- user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0
Extracted: lumma
- https://potterryisiw.shop/api
- https://foodypannyjsud.shop/api
- https://contintnetksows.shop/api
- https://reinforcedirectorywd.shop/api
Targets
- Target: 416b40630daa924136b9d10e0faa8c800a7a882416f4e5b7944f9bc2553a414b.exe
- Size: 4.4MB
- Detect Vidar Stealer
- Detect binaries embedding considerable number of MFA browser extension IDs.
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext