General
- Target: 73adc4f8c639efed8cba93067add595c009cc10fe2b4ffa9b7fff199d0d7af7d
- Size: 574KB
- Sample: 210731-1ddjbsfzyj
- MD5: c94ce43d6e27390ce125ee34048c002b
- SHA1: a65eab2916aec7c514e28d04e5e88865a4b18fe3
- SHA256: 73adc4f8c639efed8cba93067add595c009cc10fe2b4ffa9b7fff199d0d7af7d
- SHA512: f85a0915e146395c62244721aa4e99494cef3b5166b0708eedc3fe9b1fc5471a44879b00625fba27d62d0792bd5832001acc502a8fda86e96bc9b32da017d885
Static task: static1
Behavioral task: behavioral1
- Sample: 73adc4f8c639efed8cba93067add595c009cc10fe2b4ffa9b7fff199d0d7af7d.exe
- Resource: win7v20210410
Malware Config
Extracted
- vidar
- 39.8
- 818
- https://xeronxikxxx.tumblr.com/
- profile_id: 818
Targets
- Target: 73adc4f8c639efed8cba93067add595c009cc10fe2b4ffa9b7fff199d0d7af7d
- Size: 574KB
- MD5: c94ce43d6e27390ce125ee34048c002b
- SHA1: a65eab2916aec7c514e28d04e5e88865a4b18fe3
- SHA256: 73adc4f8c639efed8cba93067add595c009cc10fe2b4ffa9b7fff199d0d7af7d
- SHA512: f85a0915e146395c62244721aa4e99494cef3b5166b0708eedc3fe9b1fc5471a44879b00625fba27d62d0792bd5832001acc502a8fda86e96bc9b32da017d885
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.