General
-
Target
SecuriteInfo.com.Trojan.Win32.Save.a.15582.17268
-
Size
566KB
-
Sample
210724-37f71s89b6
-
MD5
32d1a33a5dc17560ff620016b398fec9
-
SHA1
d8b202a3e682a0ccb3b7ee2295d5d62133cc7458
-
SHA256
18a3ac7fdc9dd873724112c6a390f3c6e5876c6b72664575bb259ad482fdfa18
-
SHA512
ed3c6d9c9b36aa1d4e1e837c7d081189ec9d177a3fd9d6d1e02c58fea072796220f9322de12cde778c6db3a6d777e1a8c201925fd3e9f284e322ee785c92cadb
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Win32.Save.a.15582.17268.exe
Resource
win7v20210410
Malware Config
Extracted
vidar
39.7
921
https://shpak125.tumblr.com/
-
profile_id
921
Targets
-
-
Target
SecuriteInfo.com.Trojan.Win32.Save.a.15582.17268
-
Size
566KB
-
MD5
32d1a33a5dc17560ff620016b398fec9
-
SHA1
d8b202a3e682a0ccb3b7ee2295d5d62133cc7458
-
SHA256
18a3ac7fdc9dd873724112c6a390f3c6e5876c6b72664575bb259ad482fdfa18
-
SHA512
ed3c6d9c9b36aa1d4e1e837c7d081189ec9d177a3fd9d6d1e02c58fea072796220f9322de12cde778c6db3a6d777e1a8c201925fd3e9f284e322ee785c92cadb
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Vidar Stealer
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-