General
-
Target
eufive_20211001-150603
-
Size
746KB
-
Sample
211001-tedytacbaj
-
MD5
c8811bb9c6b08493eb9d1ea9862e232d
-
SHA1
6a0f6357e45d18e8af28d8f703537a65c96efbd2
-
SHA256
259a960ba51dee15b0051e15c4962225c533b421e1a62038ab8d332ba555f0f1
-
SHA512
3138f6c3688412cb55791a63357fe6099ad4f53d06cb3eb3e927a8d17b936037190fd74670bdbc5292f5f51d53a2b463bbded1e396d0edac52f7e6eec31b9163
Static task
static1
Behavioral task
behavioral1
Sample
eufive_20211001-150603.exe
Resource
win7v20210408
Malware Config
Extracted
vidar
41.1
865
https://mas.to/@bardak1ho
-
profile_id
865
Targets
-
-
Target
eufive_20211001-150603
-
Size
746KB
-
MD5
c8811bb9c6b08493eb9d1ea9862e232d
-
SHA1
6a0f6357e45d18e8af28d8f703537a65c96efbd2
-
SHA256
259a960ba51dee15b0051e15c4962225c533b421e1a62038ab8d332ba555f0f1
-
SHA512
3138f6c3688412cb55791a63357fe6099ad4f53d06cb3eb3e927a8d17b936037190fd74670bdbc5292f5f51d53a2b463bbded1e396d0edac52f7e6eec31b9163
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
Vidar Stealer
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-