General
-
Target
9327ccee8aad5d19287735222dab91db.bmp
-
Size
661KB
-
Sample
210729-63fz2jnkwx
-
MD5
9327ccee8aad5d19287735222dab91db
-
SHA1
98669c013f74086684ee1755f842fc1d683f7caf
-
SHA256
19b922855c5da407318831d9f90bba6bbc5a5d68088c7d2e05c2e1d16908463b
-
SHA512
71586585cf318bde2a39c006d97968bcd907d527d47e1bae22a1b17be74058238232d0d3fe0e625927f53d73bb0451095daab9717e5079fe3a4abf7efc207aa3
Static task
static1
Behavioral task
behavioral1
Sample
9327ccee8aad5d19287735222dab91db.bmp.exe
Resource
win7v20210410
Malware Config
Extracted
vidar
39.8
932
https://xeronxikxxx.tumblr.com/
-
profile_id
932
Targets
-
-
Target
9327ccee8aad5d19287735222dab91db.bmp
-
Size
661KB
-
MD5
9327ccee8aad5d19287735222dab91db
-
SHA1
98669c013f74086684ee1755f842fc1d683f7caf
-
SHA256
19b922855c5da407318831d9f90bba6bbc5a5d68088c7d2e05c2e1d16908463b
-
SHA512
71586585cf318bde2a39c006d97968bcd907d527d47e1bae22a1b17be74058238232d0d3fe0e625927f53d73bb0451095daab9717e5079fe3a4abf7efc207aa3
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Vidar Stealer
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-