General
Target: ba17abec06b76fed7a1ae673e052f767.exe
Size: 667KB
Sample: 211014-nmqppaghgl
MD5: ba17abec06b76fed7a1ae673e052f767
SHA1: 0690d4700be00ef41d0d2934756fdae56dd01772
SHA256: 9fefd930a1cc7b257fe5a65bc3eda3167bc0f82895f288fc34eaca3411b2688b
SHA512: b25428c89ee8c2b38a5fdb685790e02bca24b22b654637fa191bf0a55b8a76d466bbcfdc65affb55c0c64bfebbed0709250e44be4e88b722d31bd65acb7b7ed2
Static task: static1
Behavioral task: behavioral1
Sample: ba17abec06b76fed7a1ae673e052f767.exe
Resource: win7-en-20210920
Malware Config
Extracted: vidar
41.3
1008
https://mas.to/@oleg98
profile_id: 1008
Targets
Target: ba17abec06b76fed7a1ae673e052f767.exe
Size: 667KB
MD5: ba17abec06b76fed7a1ae673e052f767
SHA1: 0690d4700be00ef41d0d2934756fdae56dd01772
SHA256: 9fefd930a1cc7b257fe5a65bc3eda3167bc0f82895f288fc34eaca3411b2688b
SHA512: b25428c89ee8c2b38a5fdb685790e02bca24b22b654637fa191bf0a55b8a76d466bbcfdc65affb55c0c64bfebbed0709250e44be4e88b722d31bd65acb7b7ed2
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.