General
- Target: bb3f5d12e82d2ef8a2294270da5606572f37c1ea5f02e0be95f57a31909414e3
- Size: 715KB
- Sample: 211014-rnkrlsadhl
- MD5: 711b94767734527a2b96c451367003a2
- SHA1: d096978d290d04e73fe15d41216b66df5628ce09
- SHA256: bb3f5d12e82d2ef8a2294270da5606572f37c1ea5f02e0be95f57a31909414e3
- SHA512: ce717cb957336f993fc74cd27005715d89820a24b9792aed5a6fc416ed4617446becef2ca8583315410306e5954c0e54246f7068e1f395fa882a7000e9251037
Static task: static1
Malware Config
- Extracted: vidar
- Version: 41.3
- Botnet: 1008
- C2: https://mas.to/@oleg98
- profile_id: 1008
Targets
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.