MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18393a15374dcaf5d3f244117efd2a58283547d1def2087bb02f1e0be4aae829. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 18393a15374dcaf5d3f244117efd2a58283547d1def2087bb02f1e0be4aae829
SHA3-384 hash: 1f7c694749efaa453194db538d639ae5f61560f8224e3c4620be913c34f8bb6e3e16f15b357686713f08669a01dfe36d
SHA1 hash: 46301186bd6de0c3b3ccb34591bce5b060e0b6b8
MD5 hash: 9fb2ae7191bb577b02da0176d5df4c97
humanhash: football-maryland-steak-angel
File name:18ac8d2d85eb670535adeebec3e3890d7056f2307f3bb98d2a78fa71d43ad8b5.exe
Download: download sample
File size:19'461'999 bytes
First seen:2020-06-02 06:13:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 00be6e6c4f9e287672c8301b72bdabf3 (116 x RedLineStealer, 70 x AsyncRAT, 55 x AgentTesla)
ssdeep 393216:J8KcuZvCmG8Qb6SDPs8eUwBuEN+kDRD+RpZd6S18dTvhPYpBk31iEu+Ga:iKcuZvFe57WUwBzJ1aiPdTvuk3MEn1
Threatray 229 similar samples on MalwareBazaar
TLSH 7C1733349942E98FE3E11C70D5E8EFB8917C2EB81D638215FAA777DE7619B182D12130
Reporter TrappmanRhett

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Troj.NanoCo_TZ.22029.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Script-AutoIt.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-03 14:38:22 UTC
File Type:
PE (Exe)
Extracted files:
2025
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
01d06f60795cc63acabaa25c87909e436a7160a172e59c22f341ebad725998b2
0dea8bae5ab19f84a596f05732d91b60a1fa93cae6dfbbc1166d127c3e2834a0
251c55b7c7c02eec9a87eca94bb01f653317ef5d8278aeb2b511194d7057a675
2a24ef9460476dc67c3e4f5fc17ddcf582e556def4278f8760d27f5b6e0735ca
3425b3af968c358eb243c6a14a34e3019b9fac1261a3ceab452392e606189205
9a8b855058e1d8a31a302dfa49caa68baec7940553466f303a65c5eb032fb4e3
9e1de81ecb080a9d970953a62de72b6a83cc61776409098f1429c11032cbfa14
bfd12725c557e1a9992dccff4257290adec43be6315f68471af0d26c9fa662ad
c67fe1304d6455bcae5c07b3f7fece584628b05d286b68da6e85275f7695b2aa
d35f40a630b2e4b24ec76c354e1e66d927afe339aaba45ff3c750ed52193c910
+ 219 additional samples on MalwareBazaar
Result
Malware family:
vidar
Create hunting rule
Score:
  10/10
Tags:
family:vidar spyware stealer
Link:
https://tria.ge/reports/201109-akhsypd982/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of SetThreadContext
Accesses 2FA software files, possible credential harvesting
JavaScript code in executable
Looks up external IP address via web service
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Executes dropped EXE
ServiceHost packer
Vidar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments