General
-
Target
ddeeff4e5314374020eec0588d404cbd6ffd20ebf828bc81e9b0816def71232f
-
Size
5.9MB
-
Sample
240704-2qphpawdkd
-
MD5
048aee0544f6faf502419b571a053980
-
SHA1
047c0fb760c3af3b0a1e741bd808858090dd70bf
-
SHA256
ddeeff4e5314374020eec0588d404cbd6ffd20ebf828bc81e9b0816def71232f
-
SHA512
4fa292dade05bfc568ba6a39f129bdf88e59486faadebd64f2488fac79893c49b95c1bd7a606afae5e2add7cfece62554aa6d0e5ebd9f4eb75ba20dd462e8940
-
SSDEEP
98304:jYBYLosS6pvT7gIit3r648uaK9hobG/c70C0LRaFS:cBYLNS6pvT76t3r6bJK9hobZEVp
Static task
static1
Behavioral task
behavioral1
Sample
ddeeff4e5314374020eec0588d404cbd6ffd20ebf828bc81e9b0816def71232f.exe
Resource
win7-20240704-en
Malware Config
Extracted
vidar
https://t.me/bu77un
https://steamcommunity.com/profiles/76561199730044335
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1
Extracted
lumma
https://civilizzzationo.shop/api
Targets
-
-
Target
ddeeff4e5314374020eec0588d404cbd6ffd20ebf828bc81e9b0816def71232f
-
Size
5.9MB
-
MD5
048aee0544f6faf502419b571a053980
-
SHA1
047c0fb760c3af3b0a1e741bd808858090dd70bf
-
SHA256
ddeeff4e5314374020eec0588d404cbd6ffd20ebf828bc81e9b0816def71232f
-
SHA512
4fa292dade05bfc568ba6a39f129bdf88e59486faadebd64f2488fac79893c49b95c1bd7a606afae5e2add7cfece62554aa6d0e5ebd9f4eb75ba20dd462e8940
-
SSDEEP
98304:jYBYLosS6pvT7gIit3r648uaK9hobG/c70C0LRaFS:cBYLNS6pvT76t3r6bJK9hobZEVp
-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-