MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7ca056b4243185dc09bb3d0af624cf7db75928ea2314410007e1cf191c784e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 9


Intelligence 9 IOCs 1 YARA 10 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7ca056b4243185dc09bb3d0af624cf7db75928ea2314410007e1cf191c784e4
SHA3-384 hash: 8117cd0899ea154fedcfe5b1edfc9f12073bef862b51f47a9c95fc4c554ba803fb2b9ddb0f32b6eb6eacdb3e68ad65b8
SHA1 hash: 9c3187a2813eb24a97fa18ec53c1ffd8037db061
MD5 hash: a2330ba45df8bc98fc43386911fa3e3d
humanhash: coffee-foxtrot-lake-orange
File name:a2330ba45df8bc98fc43386911fa3e3d.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:3'500'688 bytes
First seen:2021-09-11 08:10:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 32569d67dc210c5cb9a759b08da2bdb3 (122 x RedLineStealer, 42 x DiamondFox, 37 x RaccoonStealer)
ssdeep 98304:xhCvLUBsgdVsdE027gVFLHfkPJJcb/Au7bMxMIs:xqLUCgeE0aPJGb/Au/wzs
Threatray 540 similar samples on MalwareBazaar
TLSH T1E9F5332035D958F2D941B279EB483BB690BCC7AD8E7041D7BB94855C1F3E4A1B23B89C
dhash icon 848c5454baf47474 (2'088 x Adware.Neoreklami, 101 x RedLineStealer, 33 x DiamondFox)
Reporter abuse_ch
Tags:exe RaccoonStealer


Avatar
abuse_ch
RaccoonStealer C2:
http://5.181.156.77/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://5.181.156.77/ https://threatfox.abuse.ch/ioc/219656/

Intelligence

File Origin
# of uploads :
1
# of downloads :
143
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/187031/
Detection(s):
Win.Packed.Barys-9859531-0
Create hunting rule

Win.Malware.Generic-9863888-0
Create hunting rule

Win.Packed.Jaik-9863991-0
Create hunting rule

Win.Dropper.Upatre-9890301-1
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Malware family:
Bsymem
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/728d40fe-7b26-4273-8f84-6d631cd8bd1d
Result
Threat name:
BitCoin Miner RedLine Socelars Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad.mine
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/849103
Signature
.NET source code contains very large array initializations
.NET source code references suspicious native API functions
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
Antivirus detection for dropped file
Antivirus detection for URL or domain
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Creates a thread in another existing process (thread injection)
Creates HTML files with .exe extension (expired dropper behavior)
Creates processes via WMI
Disable Windows Defender real time protection (registry)
Downloads files with wrong headers with respect to MIME Content-Type
Drops PE files to the document folder of the user
Found C&C like URL pattern
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
May check the online IP address of the machine
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file contains section with special chars
PE file has a writeable .text section
Performs DNS queries to domains with low reputation
Query firmware table information (likely to detect VMs)
Sets debug register (to hijack the execution of another thread)
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: Suspicious Svchost Process
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Yara detected BitCoin Miner
Yara detected RedLine Stealer
Yara detected Socelars
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 481534 Sample: YpfSI6Smpk.exe Startdate: 11/09/2021 Architecture: WINDOWS Score: 100 113 20.189.173.21 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 2->113 115 104.21.17.186 CLOUDFLARENETUS United States 2->115 117 2 other IPs or domains 2->117 147 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->147 149 Multi AV Scanner detection for domain / URL 2->149 151 Antivirus detection for URL or domain 2->151 153 19 other signatures 2->153 11 YpfSI6Smpk.exe 16 2->11         started        14 rundll32.exe 2->14         started        16 svchost.exe 2->16         started        19 svchost.exe 2->19         started        signatures3 process4 dnsIp5 93 C:\Users\user\AppData\...\setup_install.exe, PE32 11->93 dropped 95 C:\Users\user\...\Thu04e19e8fc8a88d97.exe, PE32+ 11->95 dropped 97 C:\Users\user\...\Thu04d17a6788a22f.exe, PE32 11->97 dropped 99 11 other files (5 malicious) 11->99 dropped 22 setup_install.exe 1 11->22         started        26 rundll32.exe 14->26         started        139 System process connects to network (likely due to code injection or exploit) 16->139 119 23.211.4.86 AKAMAI-ASUS United States 19->119 file6 signatures7 process8 dnsIp9 121 hsiens.xyz 104.21.87.76, 49744, 80 CLOUDFLARENETUS United States 22->121 123 127.0.0.1 unknown unknown 22->123 155 Performs DNS queries to domains with low reputation 22->155 157 Adds a directory exclusion to Windows Defender 22->157 28 cmd.exe 22->28         started        30 cmd.exe 1 22->30         started        32 cmd.exe 1 22->32         started        39 7 other processes 22->39 159 Writes to foreign memory regions 26->159 161 Allocates memory in foreign processes 26->161 163 Creates a thread in another existing process (thread injection) 26->163 34 svchost.exe 26->34 injected 37 svchost.exe 26->37 injected signatures10 process11 signatures12 41 Thu043a0fdcf3e2579.exe 28->41         started        46 Thu046904c0f0f.exe 30->46         started        48 Thu04e19e8fc8a88d97.exe 1 13 32->48         started        141 Sets debug register (to hijack the execution of another thread) 34->141 143 Modifies the context of a thread in another process (thread injection) 34->143 50 svchost.exe 34->50         started        145 Adds a directory exclusion to Windows Defender 39->145 52 Thu04fde700aca.exe 39->52         started        54 Thu042cbdf5cc2375b.exe 39->54         started        56 Thu0473774c12e949.exe 2 39->56         started        58 3 other processes 39->58 process13 dnsIp14 125 45.144.225.236, 49751, 49760, 80 DEDIPATH-LLCUS Netherlands 41->125 127 37.0.10.214, 49749, 80 WKD-ASIE Netherlands 41->127 131 5 other IPs or domains 41->131 81 C:\Users\...\zLv3Uv3QupAbj2NjY0Zs3Sot.exe, PE32 41->81 dropped 83 C:\Users\...\poFv557Q8BDoUqsxKdULDBZj.exe, PE32 41->83 dropped 85 C:\Users\...\gAhpW6GAEl6hYz0O98FSP_VX.exe, PE32+ 41->85 dropped 91 27 other files (23 malicious) 41->91 dropped 165 Drops PE files to the document folder of the user 41->165 167 May check the online IP address of the machine 41->167 169 Creates HTML files with .exe extension (expired dropper behavior) 41->169 171 Disable Windows Defender real time protection (registry) 41->171 173 Machine Learning detection for dropped file 46->173 175 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 46->175 177 Checks if the current machine is a virtual machine (disk enumeration) 46->177 60 explorer.exe 46->60 injected 133 3 other IPs or domains 48->133 87 C:\Users\user\AppData\...\aaa_v013[1].dll, DOS 48->87 dropped 179 Tries to harvest and steal browser information (history, passwords, etc) 48->179 129 google.vrthcobj.com 34.97.69.225 GOOGLEUS United States 50->129 181 Query firmware table information (likely to detect VMs) 50->181 135 2 other IPs or domains 52->135 89 C:\Users\user\AppData\Local\...\LzmwAqmV.exe, PE32 52->89 dropped 62 LzmwAqmV.exe 52->62         started        183 Antivirus detection for dropped file 54->183 185 Creates processes via WMI 56->185 65 Thu0473774c12e949.exe 56->65         started        137 3 other IPs or domains 58->137 68 WerFault.exe 58->68         started        file15 signatures16 process17 dnsIp18 101 C:\Users\user\AppData\...\askinstall18.exe, PE32 62->101 dropped 103 C:\Users\user\AppData\Local\Temp\2.exe, PE32 62->103 dropped 105 C:\Users\user\AppData\Local\Temp\jhuuee.exe, PE32+ 62->105 dropped 109 4 other files (none is malicious) 62->109 dropped 70 chrome3.exe 62->70         started        73 CmdCalc.exe 62->73         started        75 RAR.exe 62->75         started        111 live.goatgame.live 104.21.70.98, 443, 49747, 49757 CLOUDFLARENETUS United States 65->111 107 C:\Users\user\AppData\Local\Temp\sqlite.dll, PE32 65->107 dropped 77 conhost.exe 65->77         started        file19 process20 file21 79 C:\Users\user\AppData\...\services64.exe, PE32+ 70->79 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c7ca056b4243185dc09bb3d0af624cf7db75928ea2314410007e1cf191c784e4/
Threat name:
Win32.Trojan.SmallDownloader
Create hunting rule
Status:
Malicious
First seen:
2021-08-28 20:18:51 UTC
AV detection:
20 of 27 (74.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=y7fak22cimmf3qe3wpik6ysm67nxleuouiyuieaapyopdeohqtsa._file
Verdict:
malicious
Similar samples:
051c5d064ba3816e2eb061b2f1b96c8bf3609b038831464596c3a8436d3415eb
RaccoonStealer
077ac4018bc25a85796c54e06872071d561df272188dde34daca7e5d01e950fd
RaccoonStealer
0a823cbd6a32a10c927253fa40466c8a3177e487ee7895a8a2e244a9b4c415fc
RaccoonStealer
3d7ba99d7b360819146cd6223b2d668e8b1a661023f5b36932860bc84271eecd
RaccoonStealer
423563995910af04cb2c4136bf50607fc26977dfa043a84433e8bd64b3315110
RaccoonStealer
45c04168fe1e27939f2e08c178279d8c1aca5eba4ed8f6a717eb70b966cc5617
RaccoonStealer
56e45f6af87cf8505b1d88360f14bf00bca7be5108db4d4283fab4605fca2482
RaccoonStealer
a8d8a6f9478a60a05d3b8c57a616da20c83b99bc7877c46163fcd126bbb25409
RaccoonStealer
bbb1867666dcd3898495a36ebec4d9a00c5c4c519eab587f530f5f5c6d80cb32
RaccoonStealer
bf0c11eae9de14227141901dffc7bdbd1ecb9b0a2cb1e675f7d36ce5eff0679e
RaccoonStealer
+ 530 additional samples on MalwareBazaar
Result
Malware family:
vidar
Create hunting rule
Score:
  10/10
Tags:
family:redline family:smokeloader family:vidar botnet:706 botnet:937 botnet:norman33 botnet:test aspackv2 backdoor evasion infostealer stealer themida trojan
Link:
https://tria.ge/reports/210911-j29znaecfl/
Behaviour
Creates scheduled task(s)
Modifies registry class
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Loads dropped DLL
Themida packer
ASPack v2.12-2.42
Downloads MZ/PE file
Executes dropped EXE
Vidar Stealer
Modifies Windows Defender Real-time Protection settings
Process spawned unexpected child process
RedLine
RedLine Payload
SmokeLoader
Vidar
Malware Config
C2 Extraction:
https://eduarroma.tumblr.com/
http://varmisende.com/upload/
http://fernandomayol.com/upload/
http://nextlytm.com/upload/
http://people4jan.com/upload/
http://asfaltwerk.com/upload/
195.19.92.158:28743
https://gheorghip.tumblr.com/
45.14.49.169:22411
Unpacked files
SH256 hash:
5a2934ac710f5995c112da4a32fde9d3de7d9ed3ea0ac5b18a22423d280b5c6d
MD5 hash:
951aaadbe4e0e39a7ab8f703694e887c
SHA1 hash:
c555b3a6701ada68cfd6d02c4bf0bc08ff73810e
Link:
https://www.unpac.me/results/3f683d4d-482b-4f9c-aa34-f8ad741d6c32/
SH256 hash:
a18e5d223da775448e2e111101fe1f4ab919be801fd435d3a278718aa5e6ccba
MD5 hash:
0c6cae115465a83f05d3ff391fd009ac
SHA1 hash:
066ea93bb540ae4be0d2e522d4bb59eec74053ad
Link:
https://www.unpac.me/results/3f683d4d-482b-4f9c-aa34-f8ad741d6c32/
Parent samples :
7755e890ecb6b60a9cbed072a609fbe099968b1fbda51f1d1f940bbc581c9f70
fc2e04d392ab5e508fdf6c90ce456bfd0af6def1f10a2074f82df8f58079d5e4
f29a3cecd0efa7f1f0c45c8572048c942090dcebdd968b9fcf4cce4380c01824
ddeebc8cccc58e25ce1709b0e9a519b2bd46472e928606bc4b0eee2553303203
22275b7c5a57111aca919f6bbfae171e5e99f5ef777d1043802deb672f5136a0
d1f610af3c46fff6c857be0136c696604eb8e7466b4a7e40f6b459cfa8339422
8f9cdf75c272fda7df367232756ea065600077804b16506ee5a4203571328217
0a7d966e66cbd260c909de1d79038c86a071f2f10a810f5890a150b67c4fd954
1b4c7144874551beb52bc3e864822c0b803d0967531addf9612f61898cf2394d
090f1369dc856e37b73969d22799341b1d328a235470ee608d3e32dd34df7022
4879803b6326f27bb8b68448fe7394b2358c2eeb25ec2c4c6a176313d003c29a
7227c5067dc82a381a3c7485a21c64b702f7e987a46d1349f95e269399e862eb
54bcd3308c140c8ec030f98697cc7f0e9d4585d54334a2eb77c58879510d5c8c
47e9b75457446a3b3c86622dd282065b0f88603e2c009670c1f7eaf00183a407
ada6977abf5caa24a75f0db17220267f6b05f11ed949757e8fc8beab3c720fc1
aa79b859945459fd6d1363c35e68c9d2674a78f1fdee02b8ddfab9a8fa011b48
0f3752cdf6653a331205269e6bd6ca4e265247847eed5be677bf758f29235d08
a412840c44db8bca039ce13176d7d6b9be9b2cbd1ef81eb85cd2f0c9180f6511
93ac84d519edb6350cf53736449330985fe1cb52eff043857daf6cca916d6fa3
a3f0b643265e9895b3291658516ce2b34eb06d585bd8ea77fd61fda26917e0d9
5c97c35e6537283493bbfcd8fa178157898e6d266a36eadb9ab23bbcef613efc
SH256 hash:
38046382500f1739883d2c53639ffbc5756843da7574fe3e6820724f522958e2
MD5 hash:
33600475b2cc5445df2d3809c3798311
SHA1 hash:
3cb60432de30b82e87b8b607e0180a7843128b5a
Link:
https://www.unpac.me/results/3f683d4d-482b-4f9c-aa34-f8ad741d6c32/
Parent samples :
aa79b859945459fd6d1363c35e68c9d2674a78f1fdee02b8ddfab9a8fa011b48
e96f083ab18199d6a745b0fb3a8852b863b94a906664570198c8277abe4195c6
a412840c44db8bca039ce13176d7d6b9be9b2cbd1ef81eb85cd2f0c9180f6511
bf9714f60c2b4b43cc0383b3155d9c737271916032051df041fed54d34f7c765
2c3382e9eb5bbbfe86a88f9d8a75557c3f60707af088ce5f1283ee7a33cc3fbf
a3f0b643265e9895b3291658516ce2b34eb06d585bd8ea77fd61fda26917e0d9
5c97c35e6537283493bbfcd8fa178157898e6d266a36eadb9ab23bbcef613efc
SH256 hash:
12eb2722bc72a4eae0d5911b450a9b8a33a133fbbf74ab2fb208e17fee6bd9f8
MD5 hash:
b630a2c7735cd8bf4a9e53782515a054
SHA1 hash:
f31668c3efd94dbe64d016de77cde482f8718dcf
Link:
https://www.unpac.me/results/3f683d4d-482b-4f9c-aa34-f8ad741d6c32/
SH256 hash:
d485f75becb68a833906761f75b8b9072eac046929a7fe2d14360ccf6d2a4558
MD5 hash:
7c3b4386fb2183105068ae22613ebf5b
SHA1 hash:
ed8d947b0232fb9171805cc700c73a6cb35702b2
Link:
https://www.unpac.me/results/3f683d4d-482b-4f9c-aa34-f8ad741d6c32/
SH256 hash:
1989ae6901991b21bef4f6781a13f32f548912006ffaa1d84d53f8b117379b95
MD5 hash:
f80acb7bf27f76c6db0c5142650f81fb
SHA1 hash:
a818aaa95845972362ffa3d1ab9c778a6913f74a
Link:
https://www.unpac.me/results/3f683d4d-482b-4f9c-aa34-f8ad741d6c32/
SH256 hash:
794e2fdc0b2d3a44f746b53298008b007b2ff091fe37e6b37c1ac14e14fa1f23
MD5 hash:
bcd77e3a6e4515a383b1f417d8cf0253
SHA1 hash:
416510d3db8d8d35dcdd73da9fd865ea962cc7f5
Link:
https://www.unpac.me/results/3f683d4d-482b-4f9c-aa34-f8ad741d6c32/
SH256 hash:
ff153a087a100e84abc3598e553a5c203b64446a5ec30270180eaf951345e1f6
MD5 hash:
ec3d834f863440ee99ce4fbfa6e18374
SHA1 hash:
159f1ce8deb74bfde51de5a1a6770ba4aeb55e3b
Link:
https://www.unpac.me/results/3f683d4d-482b-4f9c-aa34-f8ad741d6c32/
SH256 hash:
d2377beec3454d945afe5eb8a50f88da5d279daf195aad7246eb9d13fe6adf09
MD5 hash:
03bfbde3938a7c3d9573ee98973651bc
SHA1 hash:
4d2c638e6071c2f5e9e30ffc1b7c48407c961463
Link:
https://www.unpac.me/results/3f683d4d-482b-4f9c-aa34-f8ad741d6c32/
SH256 hash:
9c0ef67f53069b6c536d0a48d39021659849e6030009596eb252644d34c22ba6
MD5 hash:
ebab03847265e12c3223b66f16bf64da
SHA1 hash:
305c56392dc460363673c9234c4e0fb3ee977617
Link:
https://www.unpac.me/results/3f683d4d-482b-4f9c-aa34-f8ad741d6c32/
SH256 hash:
b3b6df5968e11b89a4132b732f4f756a7e29d20e211db8cfbb873e36ccf71bb8
MD5 hash:
f2f7c988fc4a918a1e2ef2631700c7f3
SHA1 hash:
183e303ad3f7aba9d8d806f220548a472998ce49
Link:
https://www.unpac.me/results/3f683d4d-482b-4f9c-aa34-f8ad741d6c32/
SH256 hash:
324eec8ef50b1564c638869414454af9bafa872b803d6b25404691ee6c911274
MD5 hash:
dd5beadba7a9b66ef2a30037a49f27ca
SHA1 hash:
16308474c268a5108edc8dfb483e3d4b75677f00
Link:
https://www.unpac.me/results/3f683d4d-482b-4f9c-aa34-f8ad741d6c32/
SH256 hash:
81f9b7475d7549c9ac87c760715ff100f1437b879d9d8b2db20124a4f8a2afd3
MD5 hash:
91e8bba88513eb47949c39b291579ece
SHA1 hash:
d3637ab01d6cb13d09f3d4433a8cf8992c8d12c6
Link:
https://www.unpac.me/results/3f683d4d-482b-4f9c-aa34-f8ad741d6c32/
SH256 hash:
38de6970c1b05681f7cd33927305702ed6c23c932ecdd27a913ff6979199044c
MD5 hash:
30ad7210e36ac1e5ba762e0adde4d48c
SHA1 hash:
a1d66f62e58d843f8e189b28f735d6fb41351230
Link:
https://www.unpac.me/results/3f683d4d-482b-4f9c-aa34-f8ad741d6c32/
SH256 hash:
c7ca056b4243185dc09bb3d0af624cf7db75928ea2314410007e1cf191c784e4
MD5 hash:
a2330ba45df8bc98fc43386911fa3e3d
SHA1 hash:
9c3187a2813eb24a97fa18ec53c1ffd8037db061
Link:
https://www.unpac.me/results/3f683d4d-482b-4f9c-aa34-f8ad741d6c32/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/c7ca056b4243/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c7ca056b4243185dc09bb3d0af624cf7db75928ea2314410007e1cf191c784e4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Create hunting rule
Author:ditekSHen
Description:Detects executables containing SQL queries to confidential data stores. Observed in infostealers
Rule name:INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation
Create hunting rule
Author:ditekSHen
Description:Detects executables containing potential Windows Defender anti-emulation checks
Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time
Rule name:MALWARE_Win_RedLine
Create hunting rule
Author:ditekSHen
Description:Detects RedLine infostealer
Rule name:MALWARE_Win_Vidar
Create hunting rule
Author:ditekSHen
Description:Detects Vidar / ArkeiStealer
Rule name:pe_imphash
Create hunting rule
Rule name:redline_stealer
Create hunting rule
Author:jeFF0Falltrades
Description:This rule matches unpacked RedLine Stealer samples and derivatives (as of APR2021)
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:SUSP_XORed_MSDOS_Stub_Message
Create hunting rule
Author:Florian Roth
Description:Detects suspicious XORed MSDOS stub message
Reference:https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Rule name:Vidar
Create hunting rule
Author:kevoreilly
Description:Vidar Payload

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/187031/

Comments