General
- Target: b145481b3a46c0e94f36eb367b4fb547.exe
- Size: 502KB
- Sample: 210728-gjdl98zt7n
- MD5: b145481b3a46c0e94f36eb367b4fb547
- SHA1: 2206daf1a6e4ff8706df648888caa3bdbe5a8d6e
- SHA256: 81f0ea7ee9873de0118f7a630ea06da4072c8bd582ed4dc753a0124e1adb1584
- SHA512: 272a600c0586ef8525ad5c5c5698afbe35c65d7f9d2bb8222ba372077dc095e3159b5a973f190d67dc6e36bb56c76770f21ec36748ca18dab95c74273d0de1e3
Static task: static1
Behavioral task: behavioral1
- Sample: b145481b3a46c0e94f36eb367b4fb547.exe
- Resource: win7v20210410
Malware Config
Extracted
- Family: vidar
- Version: 39.7
- Botnet: 921
- C2: https://shpak125.tumblr.com/
- profile_id: 921
Targets
- Target: b145481b3a46c0e94f36eb367b4fb547.exe
- Size: 502KB
- MD5, SHA1, SHA256, SHA512: as listed under General above
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext