General
Target: eufive_20210802-084516
Size: 617KB
Sample: 210802-hmw5e5bjta
MD5: 089b12f1cd9a81c2752e6c232bbe3e44
SHA1: 6edda5b66c5386d61236733c7650158669285511
SHA256: 2bdf1e9f2f24a730b6735481d2df6c7d58b463b7f91e4aaf58ade04886f927da
SHA512: 6cca2ece56ef3d4abe9086cf57e03756633f4c289e1048f1a84cfad252a0267ff39fb0d1f9eec16fbaa9e13bb28b682604a3a4516e4fe1574c0ede2f9f383c97
Static task: static1
Behavioral task: behavioral1
Sample: eufive_20210802-084516.exe
Resource: win7v20210408
Malware Config
Extracted: vidar (39.8, 818, https://xeronxikxxx.tumblr.com/)
profile_id: 818
Targets
Target: eufive_20210802-084516
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.