General
- Target: bd044a6fdd1c08c522ab77df1009231a36b43e2337e98894f7297fc8b2c89db9
- Size: 675KB
- Sample: 211014-hn7rpsgcaq
- MD5: 61a8ebe217b5ffe434f2e985033d0d0b
- SHA1: e299ed4271bb81a9b309e3f0649c82a23f794abe
- SHA256: bd044a6fdd1c08c522ab77df1009231a36b43e2337e98894f7297fc8b2c89db9
- SHA512: 0ff89653c76fdad1c59992cbfc5615eb2ff430a1491e98f0d67c6c821ab799c816152a58ccc92ff7f63662a828bd0b16d47a157a4f570eebb868e014adc7b8ec
Static task: static1
Malware Config
Extracted
- Family: vidar
- 41.3
- 1008
- https://mas.to/@oleg98
- profile_id: 1008
Targets
- Target: bd044a6fdd1c08c522ab77df1009231a36b43e2337e98894f7297fc8b2c89db9
- Size: 675KB
- MD5: 61a8ebe217b5ffe434f2e985033d0d0b
- SHA1: e299ed4271bb81a9b309e3f0649c82a23f794abe
- SHA256: bd044a6fdd1c08c522ab77df1009231a36b43e2337e98894f7297fc8b2c89db9
- SHA512: 0ff89653c76fdad1c59992cbfc5615eb2ff430a1491e98f0d67c6c821ab799c816152a58ccc92ff7f63662a828bd0b16d47a157a4f570eebb868e014adc7b8ec
Signatures
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.