General
Target: a874887231afb89c05124abab81e1936a0b067e29165b06405de39595bcf0044
Size: 711KB
Sample: 210922-xpbg8agbam
MD5: 79637cf456eeeb20dff4b0ec835ade74
SHA1: f8b7c402ef6485a1e9f1914b17a39efe9cd2a8f2
SHA256: a874887231afb89c05124abab81e1936a0b067e29165b06405de39595bcf0044
SHA512: 3727e586eeb6ed2c528c8f51bf6f65813c28d5ade9117208d0202bb673b9ae149e4d983056399e62a7f3aba6a8eca7fc66cdb4a999f3b9fef4e8d264f7224d23
Static task: static1

Malware Config
Extracted family: vidar
Version: 40.9
profile_id: 828
Profile URL: https://stacenko668.tumblr.com/
The Tumblr address is not the upload server. Vidar embeds a social-media profile URL in its config and, at runtime, fetches that page to read the real C2 address from it. Block or alert on the profile URL, but expect the data upload itself (the Suricata hits under Targets) to go to a different host that only the live profile page reveals.
Targets
Target: a874887231afb89c05124abab81e1936a0b067e29165b06405de39595bcf0044 (711KB; same file and hashes as listed under General)
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
Both alerts fire on the same exfiltration traffic: the stealer POSTs a ZIP archive of the harvested data, and the first rule keys on the Passwords.txt filename that is visible in clear text in the archive's local file header even though the file contents are compressed.
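The check behind the first Suricata alert, written out as an added example (this is editor-supplied code, not the ET rule itself and not part of the sandbox report): ZIP local file headers carry each entry name uncompressed, so a byte scan of an outbound POST body can recover the filenames without unpacking the archive. The sample request, its form field names and the 203.0.113.10 host are constructed for the demonstration and are not the traffic captured for this sample.

```python
import io
import struct
import zipfile

# ZIP local file header (30 bytes): signature, version needed, flags, method,
# mod time, mod date, CRC-32, compressed size, uncompressed size,
# filename length, extra field length. The filename follows immediately.
LOCAL_HEADER = struct.Struct("<4sHHHHHIIIHH")
LOCAL_SIG = b"PK\x03\x04"

# Entry names that stealer uploads are known to carry (compared case-insensitively).
SUSPICIOUS_NAMES = {"passwords.txt"}


def zip_entry_names(blob: bytes) -> list[str]:
    """Return the entry names of every ZIP local file header found in blob.

    The scan is offset-independent, so it works on a raw HTTP body where the
    archive sits between multipart boundaries rather than on a clean .zip.
    """
    names = []
    pos = blob.find(LOCAL_SIG)
    while pos != -1 and pos + LOCAL_HEADER.size <= len(blob):
        (_sig, _ver, flags, _method, _mtime, _mdate, _crc,
         csize, _usize, name_len, extra_len) = LOCAL_HEADER.unpack_from(blob, pos)
        start = pos + LOCAL_HEADER.size
        raw = blob[start:start + name_len]
        try:
            names.append(raw.decode("utf-8"))
        except UnicodeDecodeError:
            names.append(raw.decode("cp437"))  # legacy ZIP name encoding
        # Skip over the entry data when the header states its size; with a
        # data descriptor (flag bit 3) the size is unknown, so keep scanning.
        resume = start + name_len + extra_len
        if not flags & 0x08:
            resume += csize
        pos = blob.find(LOCAL_SIG, resume)
    return names


def flagged_entries(post_body: bytes) -> list[str]:
    """Entry names in the POSTed archive whose basename is on the watch list."""
    return [n for n in zip_entry_names(post_body)
            if n.rsplit("/", 1)[-1].lower() in SUSPICIOUS_NAMES]


def build_sample_post() -> bytes:
    """Constructed stand-in for a stealer upload: a multipart POST whose file
    part is a ZIP of harvested text files. Field names and host are
    illustrative, not a captured Vidar request."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("information.txt", "OS: Windows 10\nHWID: EXAMPLE-HWID\n")
        z.writestr("Passwords.txt", "https://example.test|user|hunter2\n")
        z.writestr("Cookies/Chrome_Default.txt", "example.test\tTRUE\t/\tsid\tabc\n")
    boundary = b"----ExampleBoundary1234"
    body = (
        b"--" + boundary + b"\r\n"
        b'Content-Disposition: form-data; name="hwid"\r\n\r\nEXAMPLE-HWID\r\n'
        b"--" + boundary + b"\r\n"
        b'Content-Disposition: form-data; name="file"; filename="data.zip"\r\n'
        b"Content-Type: application/octet-stream\r\n\r\n" + buf.getvalue() + b"\r\n"
        b"--" + boundary + b"--\r\n"
    )
    return (b"POST /upload HTTP/1.1\r\nHost: 203.0.113.10\r\n"
            b"Content-Type: multipart/form-data; boundary=" + boundary + b"\r\n\r\n" + body)


if __name__ == "__main__":
    sample = build_sample_post()
    print("entries:", zip_entry_names(sample))
    print("flagged:", flagged_entries(sample))
```

Because the filename is read from the local header rather than from the archive's central directory, the check also works on a truncated capture that only contains the start of the upload, which is what a streaming IDS sees.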
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
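How the last behaviour is spotted in a trace, as an added example (editor-supplied, not the sandbox's own detection logic): the program opens HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node mirror), walks its subkeys and reads DisplayName/DisplayVersion. A single lookup is routine, since updaters check their own entry, so the check below counts distinct Uninstall subkeys per process. The trace records are constructed and their format is assumed; the process ids and product names are illustrative.

```python
import re
from collections import defaultdict

# Registry paths under which Windows lists installed programs. Matches the
# subkey name directly below Uninstall, on both the native and 32-bit views.
UNINSTALL_RE = re.compile(
    r"^HK(?:LM|EY_LOCAL_MACHINE)\\SOFTWARE\\(?:WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Constructed API-trace records as (pid, api, registry path). This is one
# plausible shape for a sandbox trace export, not a real trace of the sample.
SAMPLE_TRACE = [
    (4120, "RegOpenKeyExW",    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    (4120, "RegEnumKeyExW",    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (4120, "RegQueryValueExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"),
    (4120, "RegQueryValueExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName"),
    (4120, "RegQueryValueExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox\DisplayVersion"),
    (4120, "RegQueryValueExW", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Discord\DisplayName"),
    (880,  "RegQueryValueExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive"),
    (2200, "RegQueryValueExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayVersion"),
]


def software_enumeration(trace, threshold=3):
    """Return {pid: sorted distinct Uninstall subkeys} for every process that
    touched at least `threshold` different entries.

    Walking many entries from one process is the inventory behaviour the
    report flags; one lookup (an updater reading its own version) is not.
    """
    seen = defaultdict(set)
    for pid, _api, path in trace:
        m = UNINSTALL_RE.match(path)
        if m:
            seen[pid].add(m.group(1))
    return {pid: sorted(keys) for pid, keys in seen.items() if len(keys) >= threshold}


if __name__ == "__main__":
    for pid, products in software_enumeration(SAMPLE_TRACE).items():
        print(f"pid {pid} enumerated {len(products)} installed programs: {products}")
```

On a real host this behaviour is also produced by inventory agents, installers and Windows itself, so treat a hit as enrichment for the network and file-access findings above rather than as a standalone alert.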