General
- Target: a592b3c40313a8d7543b067776c582b27c5a6ea9700dc44451cf44e8a4fa0440
- Size: 681KB
- Sample: 211014-a7g2dsfccl
- MD5: 68d0f2b6bc21e482f407422b3cd1c9b2
- SHA1: 418e7f843a8b2345784365b98ff2ee86a492b872
- SHA256: a592b3c40313a8d7543b067776c582b27c5a6ea9700dc44451cf44e8a4fa0440
- SHA512: 14b31c2c7e90a29cacbf03b77b32ff4990b51ed69374341e9ac8dc16dbc7191fadbc5b068be345bdc3b3441972c22569e7ae9ea97b518e2bc913c766cfb2f10a
Static task
- static1

Malware Config
Extracted
- vidar
- 41.3
- 1008
- https://mas.to/@oleg98
- profile_id: 1008
Targets
- Target: a592b3c40313a8d7543b067776c582b27c5a6ea9700dc44451cf44e8a4fa0440
- Size: 681KB
- MD5: 68d0f2b6bc21e482f407422b3cd1c9b2
- SHA1: 418e7f843a8b2345784365b98ff2ee86a492b872
- SHA256: a592b3c40313a8d7543b067776c582b27c5a6ea9700dc44451cf44e8a4fa0440
- SHA512: 14b31c2c7e90a29cacbf03b77b32ff4990b51ed69374341e9ac8dc16dbc7191fadbc5b068be345bdc3b3441972c22569e7ae9ea97b518e2bc913c766cfb2f10a
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.