General
- Target: eufive_20210904-225322
- Size: 662KB
- Sample: 210906-kkh1aaeaap
- MD5: 792e07f07b6ad87f9c078fdf48bd487b
- SHA1: e514610dc1f1509e096767e5e0130d79c57081ca
- SHA256: f1965eab648649f5bcb6d7cc954eec13ae87320654253a19fe55199d7da9fbdb
- SHA512: 194fd61239d41af1c774337d1596664a3c019e01980ae740ad473ac2722e6931ee185fa29a4dc968af82d1356ccf4c65bd14baaa5d3c1792db8f255dbeb87102
Static task
- static1
Behavioral task
- behavioral1
- Sample: eufive_20210904-225322.exe
- Resource: win7v20210408
Malware Config
Extracted
- vidar
- 40.4
- 865
- https://romkaxarit.tumblr.com/
- profile_id: 865
Targets
- Target: eufive_20210904-225322
- Size: 662KB
- MD5: 792e07f07b6ad87f9c078fdf48bd487b
- SHA1: e514610dc1f1509e096767e5e0130d79c57081ca
- SHA256: f1965eab648649f5bcb6d7cc954eec13ae87320654253a19fe55199d7da9fbdb
- SHA512: 194fd61239d41af1c774337d1596664a3c019e01980ae740ad473ac2722e6931ee185fa29a4dc968af82d1356ccf4c65bd14baaa5d3c1792db8f255dbeb87102
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.