General
- Target: eufive_20211003-042637
- Size: 756KB
- Sample: 211005-j983bshgfm
- MD5: fb4b9d6b82ddd8d88453aa2340074571
- SHA1: cd210a495db45237fe7885ce554f82c00ebf4672
- SHA256: e7a62eae4dcc12e295b6c54febddb82fbbd091ae57144f1eaa29dede3a31696c
- SHA512: 687fb10556cce9edbf7e1fe36efe9979ae23500a45c56e187eb67677e816d1804814b4311334e4658f1fc36dfe08c13d5e613b647df06626ebe1c98ac77ce32b
Static task
- static1

Behavioral task
- behavioral1
- Sample: eufive_20211003-042637.exe
- Resource: win7-en-20210920
Malware Config
Extracted
- Family: vidar
- Version: 41.1
- Botnet: 865
- C2: https://mas.to/@bardak1ho
- profile_id: 865
Targets
- Target: eufive_20211003-042637 (756KB; hashes as listed under General above)

Signatures
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.