General
-
Target
acfd4006b3069062b715aeb4ed39b8dbf3112859d1727d4e430e929315884248
-
Size
634KB
-
Sample
211012-clrptaagcj
-
MD5
afebe111b27b285056bad6fa6ed4b2c7
-
SHA1
fa5f18b7fe05098ac2e907e74dd6f50116b108c6
-
SHA256
acfd4006b3069062b715aeb4ed39b8dbf3112859d1727d4e430e929315884248
-
SHA512
303e3a63f270cc4fb40155386cb4c22a0d0f9c217c896434eca4efb41e43a6053e4ef75920ec029ba868890779463d49787a527ab03b87e19de3d918267d84c0
Static task
static1
Malware Config
Extracted
vidar
41.3
1008
https://mas.to/@oleg98
-
profile_id
1008
Targets
-
-
Target
acfd4006b3069062b715aeb4ed39b8dbf3112859d1727d4e430e929315884248
-
Size
634KB
-
MD5
afebe111b27b285056bad6fa6ed4b2c7
-
SHA1
fa5f18b7fe05098ac2e907e74dd6f50116b108c6
-
SHA256
acfd4006b3069062b715aeb4ed39b8dbf3112859d1727d4e430e929315884248
-
SHA512
303e3a63f270cc4fb40155386cb4c22a0d0f9c217c896434eca4efb41e43a6053e4ef75920ec029ba868890779463d49787a527ab03b87e19de3d918267d84c0
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Vidar Stealer
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-