General
Target: usfive_20210727-123716
Size: 665KB
Sample: 210727-7ybvr6ab3x
MD5: 47753a43e07b40887ebb2ebe814ef4f0
SHA1: 3f7dbd5d3407b7250bf0cc9a2c8dc83167c209be
SHA256: 38dabf5820cdd270c14b0157c883e2e53f38bc24824e66948dad824d7b077de1
SHA512: b6c62d1c5c809027433380ae8186300ef0f2b6b2fa8e79a581f4575020c4feadfce000a65e7d5f4c7d25051e79b4908dfbc7f48598a03e5142ff1f97cfdccf32
Static task: static1
Behavioral task: behavioral1
Sample: usfive_20210727-123716.exe
Resource: win7v20210410
Malware Config
Extracted
Family: vidar
Version: 39.7
Botnet: 818
C2: https://shpak125.tumblr.com/
profile_id: 818
Targets
Target: usfive_20210727-123716
Size: 665KB
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.