General
Target: 83e0266fe0d2c0e8850cb23eac6705f0539af57c10c6016797d1e34359bd2634
Size: 715KB
Sample: 211014-sd9tesaffr
MD5: 4ac1ae6af435ece0906c585c935b79ef
SHA1: eba2600d6da06563f7241c5c9e419ab7b10e5933
SHA256: 83e0266fe0d2c0e8850cb23eac6705f0539af57c10c6016797d1e34359bd2634
SHA512: 9835a23cbfb80ae38bcfd575e3472ff8aba073cf0829e1b1ccf4d2490716d57dbed14873fdd72910f2c092e1b1673a23e458499559fff37515de75f3abc2d2a8
Static task: static1
Malware Config
Extracted
vidar
41.3
1008
https://mas.to/@oleg98
profile_id: 1008
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.