General
-
Target
f1e89356f7a21887e4b5db1160717abf
-
Size
581KB
-
Sample
210730-w7ctrj2r2s
-
MD5
f1e89356f7a21887e4b5db1160717abf
-
SHA1
ff7409ec73309460650dccc2e44efb8595c246d7
-
SHA256
4227ee74e68b799efeb3613493f4814a81e16fec32c88bcc3fdcc7eae35b60bc
-
SHA512
891734162b8f4b5c1d9cc08cc9c8140edbdf8af2ca4b0819a860cc1c1887d041e25db1b4282069ebeea6d764846d5d20ba3e836d923b1e3886f468236b244e51
Static task
static1
Behavioral task
behavioral1
Sample
f1e89356f7a21887e4b5db1160717abf.exe
Resource
win7v20210408
Malware Config
Extracted
vidar
39.8
921
https://xeronxikxxx.tumblr.com/
-
profile_id
921
Targets
-
-
Target
f1e89356f7a21887e4b5db1160717abf
-
Size
581KB
-
MD5
f1e89356f7a21887e4b5db1160717abf
-
SHA1
ff7409ec73309460650dccc2e44efb8595c246d7
-
SHA256
4227ee74e68b799efeb3613493f4814a81e16fec32c88bcc3fdcc7eae35b60bc
-
SHA512
891734162b8f4b5c1d9cc08cc9c8140edbdf8af2ca4b0819a860cc1c1887d041e25db1b4282069ebeea6d764846d5d20ba3e836d923b1e3886f468236b244e51
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Vidar Stealer
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-