General
Target: 16392aff3e3d431b88c986092e59ee3e.exe
Size: 537KB
Sample: 210727-2a7fblwhds
MD5: 16392aff3e3d431b88c986092e59ee3e
SHA1: d6bc54ace7185f1dd448d4e51ab13f1cd7172711
SHA256: fd1ccacb667af6c1bb28bbfa7da1729407f873d3e69c28d8cc933af562e95624
SHA512: 89eb197f9b5581fe1638415b76a21b6dfd716923b39b941668649c47e2d3cc2553220a4606a63b2615946fc4e81f0f96ebd1a72f6ebebdce669fec05845b7057
Static task: static1
Behavioral task: behavioral1
Sample: 16392aff3e3d431b88c986092e59ee3e.exe
Resource: win7v20210410
Malware Config
Extracted
Family: vidar
Version: 39.7
Botnet: 313
C2: https://shpak125.tumblr.com/
profile_id: 313
Targets
Target: 16392aff3e3d431b88c986092e59ee3e.exe
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext (the API used to redirect a suspended thread's execution, as in process hollowing and other injection techniques)
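Pivoting on the report's indicators, as an added example that is not part of the sandbox output: Python helpers that sanity-check the hashes as copied above, match a file on hand against them in one pass, and pull non-platform URLs out of a dead-drop profile page. Vidar-family samples place the real C2 inside a social-media profile and read it at runtime, so the tumblr URL in the extracted config is the resolver a responder fetches, not the final C2. The page body and the 203.0.113.7 address are constructed placeholders, and the URL regex and host filtering are this example's assumptions, not Vidar's own parsing logic.

```python
"""Pivot helpers for the Vidar report above. Added example, not part of the
sandbox output: the hash and C2 values are copied from the report, the page
body used for the dead-drop test is constructed, and 203.0.113.7 is a
documentation address standing in for a real C2."""
import hashlib
import re
from typing import Dict, List
from urllib.parse import urlsplit

# IOCs as listed in the report
REPORT_HASHES = {
    "md5": "16392aff3e3d431b88c986092e59ee3e",
    "sha1": "d6bc54ace7185f1dd448d4e51ab13f1cd7172711",
    "sha256": "fd1ccacb667af6c1bb28bbfa7da1729407f873d3e69c28d8cc933af562e95624",
    "sha512": "89eb197f9b5581fe1638415b76a21b6dfd716923b39b941668649c47e2d3cc25"
              "53220a4606a63b2615946fc4e81f0f96ebd1a72f6ebebdce669fec05845b7057",
}
# The config's "C2" is a social-media profile; Vidar reads the real C2 out of
# the profile text at runtime, so the tumblr URL is a resolver, not the C2.
DEAD_DROP_URL = "https://shpak125.tumblr.com/"


def validate_report_hashes(hashes: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Return the names of entries whose length or alphabet does not fit the
    algorithm; catches truncated or mangled copies of the IOCs."""
    bad = []
    for name, value in hashes.items():
        expected_len = hashlib.new(name).digest_size * 2
        if len(value) != expected_len or not re.fullmatch(r"[0-9a-f]+", value):
            bad.append(name)
    return bad


def file_digests(data: bytes) -> Dict[str, str]:
    """All four digests computed in one pass over the bytes."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(data: bytes) -> List[str]:
    """Which of the report's hashes match this file (empty list = no match)."""
    digests = file_digests(data)
    return [name for name, value in REPORT_HASHES.items()
            if digests[name] == value.lower()]


# Assumed URL shape for the pivot; deliberately simple, not Vidar's own parser.
_URL_RE = re.compile(r"https?://[\w.\-]+(?::\d+)?(?:/[\w./\-]*)?")


def candidate_c2s(page_body: str, dead_drop: str = DEAD_DROP_URL) -> List[str]:
    """URLs in a fetched dead-drop page that do not belong to the hosting
    platform itself; these are the values worth pivoting on and blocking."""
    platform = urlsplit(dead_drop).hostname or ""
    # keep only the registrable part (shpak125.tumblr.com -> tumblr.com) so the
    # platform's own asset hosts are excluded as well
    platform_root = ".".join(platform.split(".")[-2:])
    found = []
    for url in _URL_RE.findall(page_body):
        host = urlsplit(url).hostname or ""
        if host == platform_root or host.endswith("." + platform_root):
            continue
        if url not in found:
            found.append(url)
    return found


# Constructed stand-in for the profile page; the 203.0.113.7 address is a
# documentation-range placeholder, not an observed C2.
SAMPLE_PAGE = """<html><head><title>shpak125</title>
<link rel="stylesheet" href="https://assets.tumblr.com/css/theme.css">
</head><body><div class="description">http://203.0.113.7/ </div>
<a href="https://shpak125.tumblr.com/archive">archive</a></body></html>"""


if __name__ == "__main__":
    print("malformed report hashes:", validate_report_hashes() or "none")
    print("md5 of an empty file:", file_digests(b"")["md5"])
    print("candidate C2s:", candidate_c2s(SAMPLE_PAGE))
```

To use it against a real file, pass `open(path, "rb").read()` to `matches_report`; a non-empty list means the file is this sample. For the dead drop, fetch the profile page from an isolated analysis host and pass the body to `candidate_c2s`, then treat the returned hosts as the indicators to block and hunt for, since the tumblr URL itself will rotate or be taken down independently of the C2.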