General
- Target: 2f3a674df7167548a7914c5480cca0d4c9b35cbf955867d2809c3b293afdbd9c
- Size: 658KB
- Sample: 210921-mq22fsbhbk
- MD5: 5f6d420714d6a48c0c83d114d537ec30
- SHA1: 3731ab3663f3efe0f41475e4a9e834a56d5a8989
- SHA256: 2f3a674df7167548a7914c5480cca0d4c9b35cbf955867d2809c3b293afdbd9c
- SHA512: 608b80b590359db3572fc3099f3e6a9e9c8a9300f2df41688be58a1dd4a9ce6a3602282e96e8554a2f60ffeedbddc42f4df8a30d4ae667dc306f62850435339d
Static task
static1
Malware Config
Extracted
- Family: vidar
- Version: 40.8
- Botnet: 828
- C2: https://pavlovoler.tumblr.com/
- profile_id: 828
Targets
- Target: 2f3a674df7167548a7914c5480cca0d4c9b35cbf955867d2809c3b293afdbd9c
- Size: 658KB
- MD5: 5f6d420714d6a48c0c83d114d537ec30
- SHA1: 3731ab3663f3efe0f41475e4a9e834a56d5a8989
- SHA256: 2f3a674df7167548a7914c5480cca0d4c9b35cbf955867d2809c3b293afdbd9c
- SHA512: 608b80b590359db3572fc3099f3e6a9e9c8a9300f2df41688be58a1dd4a9ce6a3602282e96e8554a2f60ffeedbddc42f4df8a30d4ae667dc306f62850435339d
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.