General
- Target: 9152c3d8d3cb6fa1d8ad2c22a5e15c4da96c1f235f7df0be39d423222a55b555
- Size: 592KB
- Sample: 210926-xhv82sfbdq
- MD5: f3490d7f32318f3f1a3b9e14cf63087b
- SHA1: f5deb9e7336b31e4393f85a699082f4f473a960b
- SHA256: 9152c3d8d3cb6fa1d8ad2c22a5e15c4da96c1f235f7df0be39d423222a55b555
- SHA512: 1afbd32a4bec5abdcb87eb1519be1ebb2cfb3fc1061333a7d5f72a6a23edf296d6e893dc8a8aec5bd300bf5bc758038d6d500805348f2e30c426036b0bcc9b86
Static task: static1
Malware Config
Targets
- Target: 9152c3d8d3cb6fa1d8ad2c22a5e15c4da96c1f235f7df0be39d423222a55b555
- Size: 592KB
- MD5: f3490d7f32318f3f1a3b9e14cf63087b
- SHA1: f5deb9e7336b31e4393f85a699082f4f473a960b
- SHA256: 9152c3d8d3cb6fa1d8ad2c22a5e15c4da96c1f235f7df0be39d423222a55b555
- SHA512: 1afbd32a4bec5abdcb87eb1519be1ebb2cfb3fc1061333a7d5f72a6a23edf296d6e893dc8a8aec5bd300bf5bc758038d6d500805348f2e30c426036b0bcc9b86
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.