General
Target: 4a967aa29b38f9bae74e631162134e2d8ca0c80a5d0e0af585cf14998459306c
Size: 635KB
Sample: 211012-l1mh3scabr
MD5: 10fc510cde30fc4405f228d41f7fac9a
SHA1: f5d112b4e0ed70eb47771c27fc06db98309108ad
SHA256: 4a967aa29b38f9bae74e631162134e2d8ca0c80a5d0e0af585cf14998459306c
SHA512: 642bae18f5fc25f0147b3b5deadd23c7a98a9f6b35ffd2e5d5b07402ef24d14d948cfdd0c1d37bb9698a89f20e64664a526a64c68d44d575d799980ef12addec
Static task: static1
Malware Config
Extracted: vidar
41.3
1008
https://mas.to/@oleg98
profile_id: 1008
Targets
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
Vidar Stealer
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.