General
- Target: 7f50a475800b1c3c6b626f94b3e5946ce1e3061ca3752043b7c25a6c2f41e23b
- Size: 593KB
- Sample: 210926-ztm3xsfcej
- MD5: 237152c9f27f8ad0761afdd40b9ac535
- SHA1: d608fd4b8ad64d56606fbdd6ac4fc48ae48d060c
- SHA256: 7f50a475800b1c3c6b626f94b3e5946ce1e3061ca3752043b7c25a6c2f41e23b
- SHA512: e8164d900a34e95f40f2d2972d71a82e8a2b3b3aec3411c1ec8ea06a56d0d31725ff64188fda87f1ac86f66cbe64f439f233fb6f9867d7dd4542b0c9c1be30e2
Static task: static1

Malware Config

Targets
- Target: 7f50a475800b1c3c6b626f94b3e5946ce1e3061ca3752043b7c25a6c2f41e23b
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.