General
- Target: 6945989edb1edb2a08681de9900c3b589250a83d7017f8b1de2bcdebe288d767
- Size: 848KB
- Sample: 210727-2eyc75wzns
- MD5: c205b46cf9b71ea1fcb6b2f5996d5a8d
- SHA1: 889e3ddc3904718a889176ca8239e28068f9308a
- SHA256: 6945989edb1edb2a08681de9900c3b589250a83d7017f8b1de2bcdebe288d767
- SHA512: f047f19d0dfe45abd43867a3f0efe827abb81d3fb8d9c78ade98b63d2f88e4da2b4b9b41e94e43ac08c8ac4ea50981f52b2b85ce51c1a6c410bf4cf3c4110f29
Static task: static1
Malware Config
Extracted
- vidar
- 39.7
- 517
- https://shpak125.tumblr.com/
- profile_id: 517
Targets
- suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext