General
-
Target
fac9acf2d470cfc1cc63be47a41f6fc72320b34a8aea30c139f7ddaf991170c3
-
Size
636KB
-
Sample
211012-s4af9acedl
-
MD5
ae0c8d3b7c13c462b6fe5b8b833711e4
-
SHA1
6bf35810157a563a1391448ba071d03e84ff2857
-
SHA256
fac9acf2d470cfc1cc63be47a41f6fc72320b34a8aea30c139f7ddaf991170c3
-
SHA512
7642726b44b28f5058e7c4372f9a0c3610749259d354bd3d8a9bf33e866d8092a1587f1f9872ff09f574f6eec6da73d9798c9626f28d0c9aca20a9bc857c1965
Static task
static1
Malware Config
Extracted
vidar
41.3
1008
https://mas.to/@oleg98
-
profile_id
1008
Targets
-
-
Target
fac9acf2d470cfc1cc63be47a41f6fc72320b34a8aea30c139f7ddaf991170c3
-
Size
636KB
-
MD5
ae0c8d3b7c13c462b6fe5b8b833711e4
-
SHA1
6bf35810157a563a1391448ba071d03e84ff2857
-
SHA256
fac9acf2d470cfc1cc63be47a41f6fc72320b34a8aea30c139f7ddaf991170c3
-
SHA512
7642726b44b28f5058e7c4372f9a0c3610749259d354bd3d8a9bf33e866d8092a1587f1f9872ff09f574f6eec6da73d9798c9626f28d0c9aca20a9bc857c1965
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Vidar Stealer
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-