MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2587f1479965f71d98a3f9ead9b9ae00fd71cb0efd00ce8843da9a8c443d0af9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	2587f1479965f71d98a3f9ead9b9ae00fd71cb0efd00ce8843da9a8c443d0af9
SHA3-384 hash:	03bd6467091f837adce2b5f788106105f3965c82346260a228c83f5538e237cc3aaf7c3dd41146898bc3a5bc8dde1fe5
SHA1 hash:	91e49d21e5abc910f857e9a3e20bb692e2c45e7b
MD5 hash:	058685ba83428d4295949d9fb64cbfd9
humanhash:	alanine-undress-west-angel
File name:	SecuriteInfo.com.Variant.Razy.666259.18937.228
Download:	download sample
File size:	3'244'544 bytes
First seen:	2020-05-08 02:50:06 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	9d6b988ee2ff900bb46f7b1ad8162182 (3 x ArkeiStealer)
ssdeep	49152:QjMhb4WeYG0WxP2ejnEUzBhJykEjrAa+BMdvlsGPjIjQH1s:XhbMT0WxBnEUznc+BY1jA61
Threatray	120 similar samples on MalwareBazaar
TLSH	B0E53389E964A5C2DCD0B2FF020AF27325B15EE431AE119266F0B59D947488FEE30F5D
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

1

# of downloads :

79

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Variant.Razy.666259.18937.228.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Occamy

Status:

Malicious

First seen:

2020-05-07 22:41:06 UTC

File Type:

PE (Exe)

Extracted files:

12

AV detection:

28 of 31 (90.32%)

Threat level:

2/5

Verdict:

malicious

Similar samples:

12e01498b7e13b32762590b5b20c5310bf388ea837dc52323dc9bc90de1166f6

2ad7a9c76778a5cbbf458819852689c82153acca51da8fe58eed37c126d5b755

7caa60665e3824a3571669e2f6efe2757e5521af83e28022e5079074e042d52f

8078d97844b57f9ee1521ac19ed0382b13c249a5fc9440d72e032589d1bf1280

9fba6ffeb90dd242748718d8272a4942496e76a4f68bdb4dd42f93b044b5ed50

a361c3ef57783d4012857a289d088c19682187bb0b6f15eabb73865d1d54e180

a85f53a7ad2f536d245e47535007f2bceacfa10f08d7f3f6568781dd1794caa0

ac0df53e11fe25d8523b781869fc8dbb6c94ce98c3c68a3e25142aa07f583035

cf4ee4097cc5954454ca5204a2e12bb7f22890b050fbdbbb8cf467358d36b44b

fdd40bcfba668b785d404214fd35db117b186e21944b24f16540cce86f7bec78

+ 110 additional samples on MalwareBazaar

Result

Malware family:

vidar

Score:

10/10

Tags:

family:vidar discovery evasion spyware stealer trojan

Link:

https://tria.ge/reports/201109-4t5kk8yx6a/

Behaviour

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of NtSetInformationThreadHideFromDebugger

Accesses 2FA software files, possible credential harvesting

Checks installed software on the system

Checks whether UAC is enabled

Looks up external IP address via web service

Checks BIOS information in registry

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Vidar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 2587f1479965f71d98a3f9ead9b9ae00fd71cb0efd00ce8843da9a8c443d0af9

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/359361/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample