General
-
Target
cde3b1e8890ea52f0ab98e744ab9f0cab4ba87eb460abfd9d81eff85ada4bd08
-
Size
771KB
-
Sample
211010-1p1nwsgbek
-
MD5
94434e4115b8eab775edb8d59a73ecd7
-
SHA1
f2a2fbfbe37df08675d5b37c2790964d0eedf7dc
-
SHA256
cde3b1e8890ea52f0ab98e744ab9f0cab4ba87eb460abfd9d81eff85ada4bd08
-
SHA512
22d4d4a5dce7ec31687c1ff1a31f7c1a3d4ef819622bb2a0c9cce05b8f273aac5d33f6b13020466badcc77974c57bca4db4cf69ea3b17d18a7904402bdb6c721
Static task
static1
Malware Config
Extracted
vidar
41.2
1008
https://mas.to/@serg4325
-
profile_id
1008
Targets
-
-
Target
cde3b1e8890ea52f0ab98e744ab9f0cab4ba87eb460abfd9d81eff85ada4bd08
-
Size
771KB
-
MD5
94434e4115b8eab775edb8d59a73ecd7
-
SHA1
f2a2fbfbe37df08675d5b37c2790964d0eedf7dc
-
SHA256
cde3b1e8890ea52f0ab98e744ab9f0cab4ba87eb460abfd9d81eff85ada4bd08
-
SHA512
22d4d4a5dce7ec31687c1ff1a31f7c1a3d4ef819622bb2a0c9cce05b8f273aac5d33f6b13020466badcc77974c57bca4db4cf69ea3b17d18a7904402bdb6c721
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Vidar Stealer
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-