General

Target: eufive_20211011-123243
Size: 770KB
Sample: 211011-m7nkdshaaq
MD5: e3644c401681ca2707ad7d035efd5442
SHA1: 374dd51da2729a48fc36549feb27e7cebc3ee0a5
SHA256: 8ce0bff38fc00195f747fd99b4c10b255c17c8ef7cfed78d07d03fe0123a9d39
SHA512: d126ff856a513a9b6f65bf26e82263226a7f57f06f38c5982b17623ea182b261fb0a53c68c9ec26487ead0af933598800f0e225ea41896c290f019f05a599bf4
Static task: static1
Behavioral task: behavioral1
Sample: eufive_20211011-123243.exe
Resource: win7v20210408
Malware Config

Extracted
Family: vidar
Version: 41.3
Botnet: 865
C2: https://mas.to/@oleg98
Attributes: profile_id = 865

Note that the C2 value is a Mastodon profile URL, not a panel address: Vidar builds of this vintage fetch the profile page and parse the real C2 host out of it, so the URL is a dead-drop resolver and the actual upload endpoint is not part of the extracted config.
Targets

Target: eufive_20211011-123243 (770KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
Vidar Stealer
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
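The two Suricata alerts above fire on the stealer's client data upload: an HTTP POST whose body carries a zip archive containing Passwords.txt. The following is an added example, not code from the report or from Vidar, that splits a multipart POST body, opens any zipped part, and flags stealer-style entry names. The multipart body, the archive contents, the extra filenames information.txt and cookies.txt, and the wallet-path heuristic are constructed assumptions for illustration.

```python
"""Added example (not from the sandbox report or from Vidar): inspect an
outbound multipart POST body for a zipped stealer log, the condition behind
the two Suricata alerts (Passwords.txt inside a zipped upload)."""
from __future__ import annotations

import io
import re
import zipfile

# Passwords.txt is the name the ET rule keys on; the other two are assumed
# stealer log names added for illustration.
STEALER_FILENAMES = {"passwords.txt", "information.txt", "cookies.txt"}
# Heuristic for the 'accesses cryptocurrency wallets' behaviour (assumption).
WALLET_HINT = re.compile(r"wallet", re.I)


def build_constructed_post(boundary: bytes = b"----boundary") -> bytes:
    """Constructed sample input: a multipart/form-data body carrying a zip
    in the shape of a stealer upload. Not real traffic."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Passwords.txt", "example.com\tuser\tpass\n")
        zf.writestr("information.txt", "OS: Windows 7\n")
        zf.writestr("Wallets/Exodus/seed.seco", b"\x00" * 16)
    return (
        b"--" + boundary + b"\r\n"
        b'Content-Disposition: form-data; name="file"; filename="log.zip"\r\n'
        b"Content-Type: application/zip\r\n\r\n" + buf.getvalue() + b"\r\n"
        b"--" + boundary + b"--\r\n"
    )


def split_multipart(body: bytes) -> list[tuple[dict[str, str], bytes]]:
    """Split a multipart body into (headers, payload) pairs. The delimiter is
    taken from the first line, so no Content-Type header is required."""
    delimiter = body[: body.index(b"\r\n")]          # b"--" + boundary
    parts: list[tuple[dict[str, str], bytes]] = []
    for chunk in body.split(delimiter)[1:]:
        if chunk.startswith(b"--"):                   # closing delimiter
            break
        raw_headers, _, data = chunk[2:].partition(b"\r\n\r\n")  # drop leading CRLF
        headers: dict[str, str] = {}
        for line in raw_headers.split(b"\r\n"):
            name, _, value = line.partition(b":")
            headers[name.strip().lower().decode()] = value.strip().decode(errors="replace")
        if data.endswith(b"\r\n"):                    # CRLF that precedes the next delimiter
            data = data[:-2]
        parts.append((headers, data))
    return parts


def inspect_upload(body: bytes) -> dict:
    """Open every zipped part and report stealer-style entry names."""
    findings: dict = {"zip_parts": 0, "hits": [], "wallet_paths": []}
    for _headers, data in split_multipart(body):
        if not data.startswith(b"PK\x03\x04"):        # ZIP local file header
            continue
        findings["zip_parts"] += 1
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            continue                                  # truncated or bogus archive
        for name in names:
            base = name.rsplit("/", 1)[-1].lower()
            if base in STEALER_FILENAMES:
                findings["hits"].append(name)
            if WALLET_HINT.search(name):
                findings["wallet_paths"].append(name)
    findings["suspicious"] = bool(findings["hits"] or findings["wallet_paths"])
    return findings


if __name__ == "__main__":
    print(inspect_upload(build_constructed_post()))
```

On live traffic, feed inspect_upload the reassembled request body from a pcap or proxy log. Because the archive is parsed from its central directory rather than searched for a literal string, the full entry list is reported, which is what you want when triaging which browser profiles and wallet directories were taken.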
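The last signature, enumeration of Uninstall subkeys, is software discovery and a common stealer fingerprinting step, but installers and shell components read the same keys, so a useful detection counts distinct subkeys per process rather than alerting on a single read. Below is an added example, not part of the report or of the sandbox's signature engine, that scores constructed registry-event lines per process and flags one that touches many distinct Uninstall subkeys. The log-line format, the allowlist and the threshold of five subkeys are assumptions, and the sample lines are constructed (the image name is the report's sample; the product subkeys are placeholders).

```python
"""Added example (not from the sandbox report or its signature engine): flag
a process that enumerates many distinct Uninstall subkeys, the 'Checks
installed software' behaviour. Log format, allowlist and threshold are assumptions."""
from __future__ import annotations

import re
from collections import defaultdict

UNINSTALL_KEY = re.compile(
    r"^(HKLM|HKCU|HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\SOFTWARE\\(WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.I,
)
# Assumed event-line layout; adapt to the sandbox or EDR export you actually have.
EVENT_LINE = re.compile(
    r"pid=(?P<pid>\d+)\s+image=(?P<image>\S+)\s+op=(?P<op>\S+)\s+key=(?P<key>.+)$"
)
REGISTRY_READS = {"regopenkey", "regqueryvalue", "regenumkey"}
# Images that legitimately walk the Uninstall hive (assumption; tune per estate).
ALLOWLIST = {"msiexec.exe", "explorer.exe"}
MIN_SUBKEYS = 5

UNINSTALL = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"


def _event(pid: int, image: str, op: str, key: str) -> str:
    return f"2021-10-11 12:32:45 pid={pid} image={image} op={op} key={key}"


# Constructed sample events (not a real sandbox export).
SAMPLE_EVENTS = (
    [_event(1234, "eufive_20211011-123243.exe", "RegOpenKey", UNINSTALL)]
    + [
        _event(1234, "eufive_20211011-123243.exe", "RegOpenKey", UNINSTALL + "\\" + name)
        for name in ("7-Zip", "Mozilla Firefox", "Google Chrome", "VLC media player",
                     "{0A000000-0000-0000-0000-000000000001}")
    ]
    + [
        _event(1234, "eufive_20211011-123243.exe", "RegQueryValue",
               r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName"),
        _event(980, "explorer.exe", "RegOpenKey", UNINSTALL + r"\7-Zip"),
        _event(2000, "notepad.exe", "RegOpenKey",
               r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    ]
)


def parse_events(lines):
    """Yield dicts with pid, image, op and key for every line that matches the layout."""
    for line in lines:
        m = EVENT_LINE.search(line)
        if m:
            yield m.groupdict()


def score(lines, min_subkeys: int = MIN_SUBKEYS) -> list[dict]:
    """Count distinct Uninstall subkeys read per (pid, image); return offenders."""
    seen: dict[tuple[str, str], set[str]] = defaultdict(set)
    for ev in parse_events(lines):
        if ev["op"].lower() not in REGISTRY_READS:
            continue
        m = UNINSTALL_KEY.match(ev["key"].strip())
        if m:                                   # group 3 is the product subkey
            seen[(ev["pid"], ev["image"])].add(m.group(3).lower())
    hits = []
    for (pid, image), subkeys in seen.items():
        if image.lower() in ALLOWLIST or len(subkeys) < min_subkeys:
            continue
        hits.append({"pid": int(pid), "image": image, "subkeys": len(subkeys)})
    return hits


if __name__ == "__main__":
    print(score(SAMPLE_EVENTS))
```

The 32-bit view under WOW6432Node and the HKCU hive are matched alongside the native HKLM path because stealers typically walk all three; a single read of the parent Uninstall key is deliberately not counted, since that alone is not enumeration.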