General
Target: 63ec08b6c428cd832e49b855a3b07f441c1f5017eacd0a77fe6caefb357f9f23
Size: 711KB
Sample: 210922-tm4t7sfgdl
MD5: b136307025010cb70238dcee637eba4d
SHA1: 3fb5a158384bdc91c03c63b495826f02ef429794
SHA256: 63ec08b6c428cd832e49b855a3b07f441c1f5017eacd0a77fe6caefb357f9f23
SHA512: 7ef6ae18167455ab6b092c42258558abcd09d9db54ac68d9e9b9bd3450135ca1e167947ea9eab95b830bcf977b9fd17e5094990b98eeff549ab41cb78d1a3ce1
Static task: static1
Malware Config
Extracted: vidar
40.9
828
https://stacenko668.tumblr.com/
profile_id: 828
Targets
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
Vidar Stealer
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.