MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08c31318d635778eaaf19c55440ed58570e764db28339f3061d927d9f3643ce3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	08c31318d635778eaaf19c55440ed58570e764db28339f3061d927d9f3643ce3
SHA3-384 hash:	c27bfe53ffb43433f783220cbff2e35152d15e020798375c813ed0dc2adfb4485d3d1216f11a922bd7a01c60ac700542
SHA1 hash:	f5cae56f74c344d79972540b9bb4d315b6df3ce1
MD5 hash:	07e6d28d53af0260c1cf07a1a7171fc7
humanhash:	ten-mexico-nineteen-autumn
File name:	SecuriteInfo.com.Variant.Razy.654349.15187.30626
Download:	download sample
File size:	2'721'792 bytes
First seen:	2020-05-04 10:48:44 UTC
Last seen:	2020-05-04 11:41:37 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9d6b988ee2ff900bb46f7b1ad8162182 (3 x ArkeiStealer)
ssdeep	49152:5YT+AocwN7kNIH87mum7+lgPPTQaCBwjVe87Nk7NmIKhQKXJ:s+AbwJkNh7R9l2QaCaj44D
Threatray	185 similar samples on MalwareBazaar
TLSH	2FC533D86B5136E0CEA6D071DBA7B1DBE4ED871CD724DEDB8846A40D346C0A782EF448
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

2

# of downloads :

91

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Variant.Razy.654349.15187.30626.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Razy

Status:

Malicious

First seen:

2020-05-04 08:30:42 UTC

File Type:

PE (Exe)

AV detection:

28 of 31 (90.32%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

138186892d63fe3b0d5f8c62bd3b11737392e22fd5fd68f32dd5612e78a6407c

1553300557f17e7cb62c914616267bc733854b98a0edc5215d901cc4f8e4d0f0

32c17a6caeed78f79e06de58d5229927f77bc8c6b4865b41289d4da886a07df4

484ff6267219f9eb4794c1f20aaa9562a459e0d1a787743592b1532eda3be541

496b39b696da8c81b7f0d57b3b591a9c948bf88d8ba375618703edcb18f4c27d

6fa66f7851bea577cc6adfda11d3225a69b7c6554f028851eddd4d23ea074a59

7a445143a652f58fa4abc4957269aea8f884f71e7f4654b56385491eb544b0a5

8bbb8fe69100550248f4663e911a16bca03432bef9112dd0924d7a9c3dae8464

daac1aafd4f0f7b1e1e0112e913285543d73179216bc42cdf67036dae67955f0

f09dc0b3275b4c1e3a616911805011c2871af1407599493dc980b6987cb313eb

+ 175 additional samples on MalwareBazaar

Result

Malware family:

vidar

Score:

10/10

Tags:

family:vidar discovery evasion spyware stealer trojan

Link:

https://tria.ge/reports/201109-cc97nsexcs/

Behaviour

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of NtSetInformationThreadHideFromDebugger

Accesses 2FA software files, possible credential harvesting

Checks installed software on the system

Checks whether UAC is enabled

Looks up external IP address via web service

Checks BIOS information in registry

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Vidar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 08c31318d635778eaaf19c55440ed58570e764db28339f3061d927d9f3643ce3

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/356823/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample