General
- Target: 28e495f69a9d69497bdeebb0e03215f9b316cac67de9f6c5977d04fcd9b4ba56
- Size: 681KB
- Sample: 211013-21f93afbgl
- MD5: 0fa183ae77694f70a4279fbd32d5f262
- SHA1: 954242e2bb4943df86f1ce0a7f149af6b410610a
- SHA256: 28e495f69a9d69497bdeebb0e03215f9b316cac67de9f6c5977d04fcd9b4ba56
- SHA512: 696f61fc2dd2809ac452e699374d5e6390279bc6d80d8a81bc664783ab82692bc4348c3058a9b02d52d8857ca2d9dc7b63a4c4742812b678d5462b45ccaf7693
Static task
- static1

Malware Config
Extracted
- Family: vidar
- Version: 41.3
- Botnet: 1008
- C2: https://mas.to/@oleg98
- profile_id: 1008
Targets
- Target: 28e495f69a9d69497bdeebb0e03215f9b316cac67de9f6c5977d04fcd9b4ba56
  Size: 681KB
  MD5: 0fa183ae77694f70a4279fbd32d5f262
  SHA1: 954242e2bb4943df86f1ce0a7f149af6b410610a
  SHA256: 28e495f69a9d69497bdeebb0e03215f9b316cac67de9f6c5977d04fcd9b4ba56
  SHA512: 696f61fc2dd2809ac452e699374d5e6390279bc6d80d8a81bc664783ab82692bc4348c3058a9b02d52d8857ca2d9dc7b63a4c4742812b678d5462b45ccaf7693
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.