MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66975bc786d75e74c15a0362fb843c7d3883dcd6ccec24b3954b37ad25a3c384. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Vidar

Vendor detections: 3

SHA256 hash: 66975bc786d75e74c15a0362fb843c7d3883dcd6ccec24b3954b37ad25a3c384
SHA3-384 hash: 8bb58b47f541fc4f2c087b3f4db315822765739cf0d58e0d8453c9e61c4aee93c1e0ff4f7bff85836603987c3bb50c46
SHA1 hash: 7e91f7543a668355857d5fff056fa538ec8efa98
MD5 hash: 4ee4e4850bd4969b8896758c8c461747
humanhash: black-shade-apart-maryland
File name: Application-Set-up.vhdx
Signature: Vidar
File size: 71'303'168 bytes
First seen: 2024-12-15 19:18:20 UTC
Last seen: Never
File type:
MIME type: application/octet-stream
ssdeep: 98304:p86y8/jvArM62IbkCeU0c3XwWB64GYHeVdPod577B:p86pLYr72IxphvGYHeVtodl
TLSH: T11EF70211B3C6C232D16E4137D56AEB0AA239FD67073142C7B3E6B65E1E719C05A3EB12
Magika: iso
Reporter: smica83
Tags: HUN vhdx vidar

Intelligence


File Origin
# of uploads: 1
# of downloads: 293
Origin country: HU

Vendor Threat Intelligence
Verdict: Malicious
Score: 81.4%
Tags: gafgyt mirai nsis

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: AutoIT_Script
Author: @bartblaze
Description: Identifies AutoIT script. This rule by itself does NOT necessarily mean the detected file is malicious.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerCheck__QueryInfo
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: Detect_LATAM_MSI_Banker

Rule name: NETexecutableMicrosoft
Author: malware-lu

Rule name: RansomPyShield_Antiransomware
Author: XiAnzheng
Description: Check for suspicious string and import combination that ransomware mostly abuses (can create FP)

Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants

Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants

Rule name: suspicious_msi_file
Author: Johnk3r
Description: Detects common strings, DLL and API in Banker_BR

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments