General
Target: eufive_20210728-221805
Size: 597KB
Sample: 210728-rtkh5m9nke
MD5: 4f504f87104cadc79623876abd879241
SHA1: 291cbf130af42ebdc83797651f7ff0f7d24a5caa
SHA256: 0e590833420e363769d0fe42ff232cf8d0bf4ad55b9a3cca22b94a08c123790b
SHA512: 0dbcf2b37b2e94f1c8ce41607983bf4486915f1847db202b3d0b10061b96bd4ae4c793a3e371cb4f9d5969cf25c4f1acd389be26a872892bab4b9f9b5cd559e8

Static task
static1

Behavioral task
behavioral1
Sample: eufive_20210728-221805.exe
Resource: win7v20210410

Malware Config
Extracted
vidar
39.8
818
https://xeronxikxxx.tumblr.com/
profile_id: 818

Targets
Target: eufive_20210728-221805
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.