General
Target: usfive_20210729-230527
Size: 674KB
Sample: 210729-62m8h5n2te
MD5: fcb0ce5683a593ced6741c531875f823
SHA1: fa87ad5d4b9abb0d15fc5cab3bad94f5f7965c24
SHA256: 5be3e14363b05b17973b59ce33440c7ed514ae86c7b7c53f6cd2304edcd8c839
SHA512: 5c1d2e1f05c4f281ac3854f2bd6981614da32a214defdf49ca75295dc4c8a8dd274c5a2bdcaf6d35ac5c22a46de071e85175c4aa3784d8cfb61cd27248f3d0fa

Static task: static1
Behavioral task: behavioral1
Sample: usfive_20210729-230527.exe
Resource: win7v20210410

Malware Config
Extracted:
- vidar
- 39.8
- 818
- https://xeronxikxxx.tumblr.com/
- profile_id: 818
Targets
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.