General

Target: 12669aaffc7529caec004ae9b351e592.exe
Size: 521KB
Sample: 210727-xb55g3szra
MD5: 12669aaffc7529caec004ae9b351e592
SHA1: 31705c2612209846bd09e1c98f57f9d0badff58a
SHA256: fe05b66d6140aec7855bb58fcf186c8529c3a7630d0985f5201b31f92d9d63fe
SHA512: bc360e071afd2e082f931925d7541311ae43d093030c58fb1cd48e5bf2487c1392b1b51c27276d67c88a9469fb1181440ce0a9e6f608442d20e8c5bc287df095
Static task: static1
Behavioral task: behavioral1
Sample: 12669aaffc7529caec004ae9b351e592.exe
Resource (analysis VM image): win7v20210408
Malware Config

Extracted
Family: vidar
Version: 39.7
Botnet: 921
C2: https://shpak125.tumblr.com/
Attributes:
- profile_id: 921

Note: for Vidar the configured URL is a profile page that the stealer fetches at runtime to resolve its actual C2 address; it is a dead-drop resolver, not the exfiltration endpoint itself. Block it, but also hunt for the follow-on connection it points to, since the operator can rotate that address without touching the sample.
Targets

Target: 12669aaffc7529caec004ae9b351e592.exe
Size: 521KB
Hashes: as listed under General above
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
  All three network signatures point at the same exfiltration: the harvested data is zipped and uploaded in an outbound HTTP POST, and the archive contains a Passwords.txt entry. On a real host the POST goes to the C2 resolved from the profile page in the extracted config, not to the Tumblr URL itself.
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
  The sample removes its own executable after running, so do not expect to find the file on disk on an infected host; rely on the hashes above for retro-hunting and on the network indicators for live detection.
- Loads dropped DLL
  Together with the PE download above this shows the sample fetching additional executables at runtime and loading them; for Vidar these are typically the DLL dependencies it needs to read browser credential stores (the report does not list the dropped files).
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
  This API is commonly used to redirect execution in a suspended process (process hollowing or thread hijacking); the report does not identify the target process, so treat it as an injection indicator to confirm in the process tree rather than as a standalone verdict.
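The three Suricata hits above all key on an outbound POST whose body carries a ZIP archive with a Passwords.txt entry. The following Python is an added example, not code from the report or from the ET ruleset: it walks the ZIP local file headers found in a POST body the way a network sensor would (without needing the central directory, so it also works on a truncated or in-flight upload) and flags watchlisted entry names. The HTTP request, its boundary string and every watchlist name other than Passwords.txt are constructed assumptions for the demo.

```python
"""Detection logic for a zipped Passwords.txt inside an outbound HTTP POST.

Added example (not code from the report or from the ET ruleset). The HTTP
request, its boundary string and every watchlist name other than
Passwords.txt are constructed for this demo.
"""
import io
import struct
import zipfile

ZIP_LOCAL_SIG = b"PK\x03\x04"
# Local file header: sig, ver, flags, method, mtime, mdate, crc32,
# compressed size, uncompressed size, name length, extra length (30 bytes).
LOCAL_HDR = "<4sHHHHHIIIHH"
LOCAL_HDR_LEN = struct.calcsize(LOCAL_HDR)

# Entry basenames to alert on. Passwords.txt is the name the ET signature in
# the report keys on; the other two are assumptions added for illustration.
WATCHLIST = {"passwords.txt", "information.txt", "cookies.txt"}


def zip_entry_names(blob: bytes) -> list[str]:
    """Return the entry names of every ZIP local file header found in blob.

    Walking the headers directly (instead of using zipfile) works on a
    stream that has no central directory yet, which is what a sensor sees
    while the upload is still in flight.
    """
    names: list[str] = []
    pos = blob.find(ZIP_LOCAL_SIG)
    while pos != -1 and pos + LOCAL_HDR_LEN <= len(blob):
        (_sig, _ver, flags, _method, _mt, _md, _crc, csize, _usize,
         name_len, extra_len) = struct.unpack_from(LOCAL_HDR, blob, pos)
        name_start = pos + LOCAL_HDR_LEN
        names.append(blob[name_start:name_start + name_len].decode("utf-8", "replace"))
        data_start = name_start + name_len + extra_len
        if flags & 0x08:
            # General-purpose bit 3: sizes live in a trailing data descriptor
            # and csize is 0 here, so resynchronise on the next header signature.
            pos = blob.find(ZIP_LOCAL_SIG, data_start)
        else:
            pos = blob.find(ZIP_LOCAL_SIG, data_start + csize)
    return names


def scan_http_request(raw: bytes) -> list[str]:
    """Return watchlisted ZIP entry names carried in an outbound POST body.

    Non-POST requests and bodies without a matching archive yield [].
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"POST "):
        return []
    return [n for n in zip_entry_names(body)
            if n.lower().rsplit("/", 1)[-1] in WATCHLIST]


def build_sample_request(entries: dict[str, bytes]) -> bytes:
    """Construct a multipart/form-data POST carrying a ZIP of entries (demo input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    boundary = b"----demo-boundary"
    body = (b"--" + boundary + b"\r\n"
            b'Content-Disposition: form-data; name="file"; filename="upload.zip"\r\n'
            b"Content-Type: application/zip\r\n\r\n" + buf.getvalue() + b"\r\n"
            b"--" + boundary + b"--\r\n")
    return (b"POST /upload HTTP/1.1\r\nHost: example.invalid\r\n"
            b"Content-Type: multipart/form-data; boundary=" + boundary + b"\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


if __name__ == "__main__":
    stealer = build_sample_request({"Passwords.txt": b"site|user|pass\n",
                                    "Browsers/Chrome/Cookies.txt": b"...",
                                    "Information.txt": b"hostname\n"})
    benign = build_sample_request({"report.pdf": b"%PDF-1.4"})
    print("stealer upload ->", scan_http_request(stealer))
    print("benign upload  ->", scan_http_request(benign))
```

In production the scanner would run over the reassembled HTTP client body rather than a raw request string, and the method check plus the ZIP signature act as a cheap prefilter before the header walk, which is the same shape as the ET rule: match on POST, then on the archive contents. Matching on basenames keeps nested paths (Browsers/Chrome/Cookies.txt) in scope.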