General
-
Target
a335a14188c608ba63b172cb891cd710c2bae0d56816c264f65037600d78e4e8
-
Size
593KB
-
Sample
210926-xrtftafbfl
-
MD5
2bfd3556c9283e527e972bf836c764b7
-
SHA1
f8e240c3dbb6259f66484dc15a8e7ae72ef69318
-
SHA256
a335a14188c608ba63b172cb891cd710c2bae0d56816c264f65037600d78e4e8
-
SHA512
617a172787e4fdf603eb0a75fac425e6cd4929985a151a1b9073cc5bae4cabe3b4edba3ab68def259b3e03bd59f5670abcb59b3ec14730fcfbcce93ccfed2385
Static task
static1
Malware Config
Targets
-
-
Target
a335a14188c608ba63b172cb891cd710c2bae0d56816c264f65037600d78e4e8
-
Size
593KB
-
MD5
2bfd3556c9283e527e972bf836c764b7
-
SHA1
f8e240c3dbb6259f66484dc15a8e7ae72ef69318
-
SHA256
a335a14188c608ba63b172cb891cd710c2bae0d56816c264f65037600d78e4e8
-
SHA512
617a172787e4fdf603eb0a75fac425e6cd4929985a151a1b9073cc5bae4cabe3b4edba3ab68def259b3e03bd59f5670abcb59b3ec14730fcfbcce93ccfed2385
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
Vidar Stealer
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-