General
Target: usfive_20210802-202119
Size: 575KB
Sample: 210802-hy4vt81azx
MD5: 81d7ad189b15daf76f5a062fa44d5183
SHA1: 07875caf9278cea448f41377b4b5d98afa1e05c6
SHA256: b3a164e2d57447de8bcce68ce27cc3a0d4caa0036bc65920d4c395ce6a6ee6e4
SHA512: e42786b6318a3e2b8c646283b10833bffb3d0e2a46ba2b82e3ec41c6c65c9ae1647cf500ba598c49a5fcc98610b084d759ae387ae21f8e49ed8c0ddda2487ad0
Static task: static1
Behavioral task: behavioral1
Sample: usfive_20210802-202119.exe
Resource: win7v20210408
Malware Config
Extracted: vidar, 39.9, 818, https://prophefliloc.tumblr.com/
profile_id: 818
Targets
Target: usfive_20210802-202119
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.