General
-
Target
1e981e240cc21580c970db894934da5f.exe
-
Size
800KB
-
Sample
210804-a8b5ytep6e
-
MD5
1e981e240cc21580c970db894934da5f
-
SHA1
24bc2e53f10324268b5ba1542568d9e998a1052b
-
SHA256
26285efdd77665c7dd35aa0450f77214644ebb80fb284e071e67f728881c8983
-
SHA512
24c9968c7fbe3f341801e723be26dc083939238a94234374e1eb7821360119e6c8efdcd481ab68de2007fcae1a39b897f4b1198cc43a965577a0982272413844
Static task
static1
Behavioral task
behavioral1
Sample
1e981e240cc21580c970db894934da5f.exe
Resource
win7v20210408
Malware Config
Extracted
vidar
39.9
921
https://prophefliloc.tumblr.com/
-
profile_id
921
Targets
-
-
Target
1e981e240cc21580c970db894934da5f.exe
-
Size
800KB
-
MD5
1e981e240cc21580c970db894934da5f
-
SHA1
24bc2e53f10324268b5ba1542568d9e998a1052b
-
SHA256
26285efdd77665c7dd35aa0450f77214644ebb80fb284e071e67f728881c8983
-
SHA512
24c9968c7fbe3f341801e723be26dc083939238a94234374e1eb7821360119e6c8efdcd481ab68de2007fcae1a39b897f4b1198cc43a965577a0982272413844
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Vidar Stealer
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-