General
- Target: af5636b06f70edbdcbdc5ab4295b1f5946ddd46f1ca4c411347fe47cfe54dd6a
- Size: 667KB
- Sample: 211014-n1f3eaacan
- MD5: 5fec596842af6b979cbaf31798895f21
- SHA1: b63e7a083754245b3206ab3c90a2999531f3ebcf
- SHA256: af5636b06f70edbdcbdc5ab4295b1f5946ddd46f1ca4c411347fe47cfe54dd6a
- SHA512: 1549aba765a4ee9cdb7ad16531dbfbff02e93b09d7a9188de846c1a8649967e4bb6fd17028873ffa988fd19237b3a31876138ff73bf4cb01b82b4b0be0e448d8
Static task: static1
Malware Config
Extracted: vidar
  41.3
  1008
  https://mas.to/@oleg98
- profile_id: 1008
Targets
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.