General
- Target: be534bd1b74ccc3c27bafbd8e85223497c41f393a9a3805f775abe8d7acb7225
- Size: 660KB
- Sample: 210921-zttwgaddbm
- MD5: 969cb6da250c4c0bd2d47a29fae080d8
- SHA1: 50760af111428e26ef3a3241157f325d1514cd5a
- SHA256: be534bd1b74ccc3c27bafbd8e85223497c41f393a9a3805f775abe8d7acb7225
- SHA512: 5da85ffb710d3e1c4d1b001b6f933e7de89bc26f43636ea5c1ccac20cc0b13f61c3e528d3cd2473b1968351b5018ca1f0a831716b417f24f5b570183f77d75fa

Static task
- static1

Malware Config
Extracted
- vidar
- 40.9
- 828
- https://stacenko668.tumblr.com/
- profile_id: 828
Targets
- Target: be534bd1b74ccc3c27bafbd8e85223497c41f393a9a3805f775abe8d7acb7225 (same file as in General: 660KB, MD5 969cb6da250c4c0bd2d47a29fae080d8)
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.