General
-
Target
eufive_20210729-100404
-
Size
661KB
-
Sample
210729-cgpdzqn3rn
-
MD5
98ae2f20cdad176aa61a2d542bc0aec9
-
SHA1
62dc4700f52e69064c82c0bd62b18f53221ffcc9
-
SHA256
aa5e5203bddc28bc1ab9b2d65c7c11748467410076a8e26ca396ea9db0682228
-
SHA512
e474f449065e45061c96e0ae6e23e3e5128df6d84c4debff783a06a7a8e4da3ce780c591abc96711b3f07459a3c589e07ea3d043ed1741ac62b3634e0c0b01e8
Static task
static1
Behavioral task
behavioral1
Sample
eufive_20210729-100404.exe
Resource
win7v20210410
Malware Config
Extracted
vidar
39.8
818
https://xeronxikxxx.tumblr.com/
-
profile_id
818
Targets
-
-
Target
eufive_20210729-100404
-
Size
661KB
-
MD5
98ae2f20cdad176aa61a2d542bc0aec9
-
SHA1
62dc4700f52e69064c82c0bd62b18f53221ffcc9
-
SHA256
aa5e5203bddc28bc1ab9b2d65c7c11748467410076a8e26ca396ea9db0682228
-
SHA512
e474f449065e45061c96e0ae6e23e3e5128df6d84c4debff783a06a7a8e4da3ce780c591abc96711b3f07459a3c589e07ea3d043ed1741ac62b3634e0c0b01e8
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
Vidar Stealer
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-