General
- Target: d408ebd6616988d0dbaae88d2a7251073332b1fb14fefc55358098ad4bebe64c
- Size: 847KB
- Sample: 210727-16ms2l3yms
- MD5: 815a2d0e55582b5f2d4ee8b8a57a3f0c
- SHA1: 447b896424a3418712a54a73a02024edda916f00
- SHA256: d408ebd6616988d0dbaae88d2a7251073332b1fb14fefc55358098ad4bebe64c
- SHA512: e1ef9811edeb261ee3b4c7391dd98c0a12938dbbc110b1211ab991a52b7ae5056e16e3793a82c1c580e8833c5cb8836265ccd89993bdf81960cd405f3a2cb9ad

Static task
- static1

Malware Config
Extracted
- Family: vidar
- Version: 39.7
- Botnet: 517
- C2: https://shpak125.tumblr.com/
- profile_id: 517
Targets
- suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext