General
- Target: 4b950c5c6fe92bd325e358e4309ae344012bc9bd12ccf3d8291aacdf3a7a28e6
- Size: 682KB
- Sample: 211012-ymj71sdaam
- MD5: 294d6e9070520e300ee16ce147e0c3a9
- SHA1: 445b317bacc81c5a219dca95c49dd93b9b5a31cb
- SHA256: 4b950c5c6fe92bd325e358e4309ae344012bc9bd12ccf3d8291aacdf3a7a28e6
- SHA512: 725f81cc07b7551baf16b8b0fab484ec4241c6d39dff343a463f1603f5d64b4ac15e09078a600df03d5a2ac730272fd46e515209f49fa94dfaae0dd9156542e2
Static task
- static1
Malware Config
Extracted
- vidar
- 41.3
- 1008
- https://mas.to/@oleg98
- profile_id: 1008
Targets
- Target: 4b950c5c6fe92bd325e358e4309ae344012bc9bd12ccf3d8291aacdf3a7a28e6
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.