General
Target: 308c3af9d49308ea263e70bc4f946fa0.exe
Size: 1.5MB
Sample: 210804-dxd1bh3eqj
MD5: 308c3af9d49308ea263e70bc4f946fa0
SHA1: 962bd5aaa2d7441a27c931932cc003491aa66dad
SHA256: bb9a6242991d0d9bf29011e503cb679537dda42fab5451869ce866b3dada19ca
SHA512: da8fcd80d98a62eaef1a57d87fcb990d47e0ebe2aa0834a16262810b5fd36bcb8f05a08a093e19b3c498277f97adc12f0725f122b7b7047e495f39647cfee40f
Static task: static1
Behavioral task: behavioral1
Sample: 308c3af9d49308ea263e70bc4f946fa0.exe
Resource: win7v20210408
Malware Config
Extracted
Family: vidar
Version: 39.9
Profile: 921
C2: https://prophefliloc.tumblr.com/
Attributes:
profile_id: 921
Targets
Target: 308c3af9d49308ea263e70bc4f946fa0.exe
Size: 1.5MB
Signatures
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.
- Suspicious use of SetThreadContext (the API is commonly used for process hollowing and thread-context hijacking, so a non-debugger calling it on another process or thread warrants a look at the target)
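The three Suricata signatures above are the network-side evidence of this sample's data exfiltration. The following is an added example (not part of the Triage report and not the sandbox's own code) of how a responder could run those signature names, plus the dead-drop host from the extracted config, over Suricata EVE JSON output to pick out affected hosts. The EVE records are constructed for the example; only the signature names and the config host come from the report. Field names used (event_type, alert.signature, tls.sni, http.hostname, dns.rrname) are standard EVE fields.

```python
"""Triage Suricata EVE JSON alerts for the Vidar/Arkei exfil signatures.

Added example for this report; not part of the sandbox output. The log lines
below are constructed, not captured from the sample.
"""
import json
from collections import defaultdict

# The three ET signature names that fired for this sample (from the report).
VIDAR_SIGNATURES = frozenset({
    "ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)",
    "ET MALWARE Vidar/Arkei Stealer Client Data Upload",
    "ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil",
})

# Dead-drop host from the extracted config (C2 field of the report).
CONFIG_C2_HOST = "prophefliloc.tumblr.com"

# Constructed EVE lines: a benign flow, a TLS SNI for the config host, two
# Vidar alerts from the same host, an unrelated alert from another host, and
# one malformed line to show the parser skipping it. IPs are documentation
# ranges; they are not indicators from the report.
SAMPLE_EVE = "\n".join([
    json.dumps({"timestamp": "2021-08-04T12:00:01+0000", "event_type": "flow",
                "src_ip": "10.0.0.5", "dest_ip": "198.51.100.7", "dest_port": 443}),
    json.dumps({"timestamp": "2021-08-04T12:00:02+0000", "event_type": "tls",
                "src_ip": "10.0.0.5", "dest_ip": "198.51.100.20", "dest_port": 443,
                "tls": {"sni": CONFIG_C2_HOST}}),
    json.dumps({"timestamp": "2021-08-04T12:00:05+0000", "event_type": "alert",
                "src_ip": "10.0.0.5", "dest_ip": "192.0.2.10", "dest_port": 80,
                "alert": {"signature": "ET MALWARE Vidar/Arkei Stealer Client Data Upload"},
                "http": {"hostname": "192.0.2.10", "http_method": "POST", "url": "/"}}),
    "{this line is not valid json",
    json.dumps({"timestamp": "2021-08-04T12:00:06+0000", "event_type": "alert",
                "src_ip": "10.0.0.5", "dest_ip": "192.0.2.10", "dest_port": 80,
                "alert": {"signature": "ET MALWARE Suspicious Zipped Filename in Outbound "
                                       "POST Request (Passwords.txt)"}}),
    json.dumps({"timestamp": "2021-08-04T12:00:09+0000", "event_type": "alert",
                "src_ip": "10.0.0.9", "dest_ip": "192.0.2.44", "dest_port": 80,
                "alert": {"signature": "ET INFO Constructed non-Vidar test alert"}}),
])


def iter_events(text):
    """Yield parsed EVE records one per line, skipping blank or malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def triage(text):
    """Group Vidar indicators per source host.

    Returns {src_ip: {"signatures": set, "c2_peers": set, "config_host_lookup": bool}}
    containing only hosts that produced at least one indicator.
    """
    hosts = defaultdict(lambda: {"signatures": set(), "c2_peers": set(),
                                 "config_host_lookup": False})
    for ev in iter_events(text):
        src = ev.get("src_ip")
        etype = ev.get("event_type")
        if etype == "alert":
            sig = ev.get("alert", {}).get("signature", "")
            if sig in VIDAR_SIGNATURES:
                hosts[src]["signatures"].add(sig)
                hosts[src]["c2_peers"].add(f'{ev.get("dest_ip")}:{ev.get("dest_port")}')
        elif etype in ("tls", "http", "dns"):
            # The config host may show up as TLS SNI, HTTP Host or a DNS query name.
            name = (ev.get("tls", {}).get("sni") or ev.get("http", {}).get("hostname")
                    or ev.get("dns", {}).get("rrname") or "")
            if name.rstrip(".").lower() == CONFIG_C2_HOST:
                hosts[src]["config_host_lookup"] = True
    return dict(hosts)


def summarize(results):
    """Sorted (src_ip, number of Vidar signatures, config host seen) tuples."""
    return sorted((ip, len(h["signatures"]), h["config_host_lookup"])
                  for ip, h in results.items())


if __name__ == "__main__":
    for ip, n_sigs, cfg in summarize(triage(SAMPLE_EVE)):
        print(f"{ip}: {n_sigs} Vidar signature(s), config host contacted={cfg}")
```

Run it as-is to see the constructed case; on a real investigation point `triage` at the contents of eve.json. Only hosts with a matching alert or a lookup of the config host are returned, so a workstation that merely browsed tumblr.com is not flagged unless it resolved or connected to the exact profile host in the config.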