General
-
Target
ca53979957b61b8d338b633a671432b520d2a0bcfdaced82d446ae3df8347c47
-
Size
772KB
-
Sample
211011-sxpmlahfal
-
MD5
07e6b02fbd482784d656d6407538bd19
-
SHA1
6cb54c8fd9a950c51bf7a6f9634efc3df3121147
-
SHA256
ca53979957b61b8d338b633a671432b520d2a0bcfdaced82d446ae3df8347c47
-
SHA512
0eee10aeb7727bbff0b0516dcd6c95b8707a3a0a68b87094bf9cc2a4590585781454034f964cfd413313e4029228635b211b346804ae150ba73707f5e1b1d652
Static task
static1
Malware Config
Extracted
vidar
41.3
1008
https://mas.to/@oleg98
-
profile_id
1008
Targets
-
-
Target
ca53979957b61b8d338b633a671432b520d2a0bcfdaced82d446ae3df8347c47
-
Size
772KB
-
MD5
07e6b02fbd482784d656d6407538bd19
-
SHA1
6cb54c8fd9a950c51bf7a6f9634efc3df3121147
-
SHA256
ca53979957b61b8d338b633a671432b520d2a0bcfdaced82d446ae3df8347c47
-
SHA512
0eee10aeb7727bbff0b0516dcd6c95b8707a3a0a68b87094bf9cc2a4590585781454034f964cfd413313e4029228635b211b346804ae150ba73707f5e1b1d652
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Vidar Stealer
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-