General
- Target: 742ebfd2395bc9482f15ae73c2f0d07afdc698e891f758a9d98b8b58a2aaacdc
- Size: 758KB
- Sample: 210727-tw1b6p4e7a
- MD5: 808e3a2f8e7c06eddd19c7aa1c42bc1e
- SHA1: 63c7c5171cb4852797e124704c3a1b5ed6279636
- SHA256: 742ebfd2395bc9482f15ae73c2f0d07afdc698e891f758a9d98b8b58a2aaacdc
- SHA512: b67e4a7dcef2c328d7559f0821f33dbc8587d48d1e32451dcaa3b16b70ee7842313498c4567996905d26d230e69b6d0afebeddfe76468d1ecedec23b7985f231
Static task: static1
Malware Config
Extracted
- vidar
- 39.7
- 517
- https://shpak125.tumblr.com/
- profile_id: 517
Targets
- suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext