General
Target: edb792a86b73b2213b18f536cb837e88c5412d9a43b6f402614c6267cf177d67
Size: 724KB
Sample: 211015-pwqaysbfdl
MD5: b01fdfdd90b62d4876d1f356b5403237
SHA1: 16fab56a918831da3c9fcedc880948118839a101
SHA256: edb792a86b73b2213b18f536cb837e88c5412d9a43b6f402614c6267cf177d67
SHA512: 8043b278eed56eeec990a18c8ed006fb33b511404bdda6f5b3c8e7eb6892a0bc3756921a9ad2022a93d0eaae029290827532d142641b8b892bd45d8adf0aa7a3
Static task: static1

Malware Config
Extracted
Family: vidar
Version: 41.3
Botnet: 1008
C2: https://mas.to/@oleg98
profile_id: 1008

The C2 value is a Mastodon profile URL, not the exfiltration server itself: Vidar builds of this generation read their real C2 address from a social-media profile page (a dead-drop resolver), so blocking mas.to alone does not cover the upload traffic, and the resolved address should be taken from the sandbox's network capture rather than from this field.
Targets
- Target: edb792a86b73b2213b18f536cb837e88c5412d9a43b6f402614c6267cf177d67 (724KB; the same file as listed under General)
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
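The alerts above fire on the stealer's upload traffic: a multipart POST carrying a ZIP of harvested data. As an added example (not code from this report, from Suricata or from the ET ruleset), the Python below reproduces the gist of the first two alerts over a constructed POST body: a scanner for ZIP local file headers that spots a Passwords.txt entry, and a multipart parser that checks for the form fields Vidar's client upload is known to carry. The field set and the matching conditions are assumptions that approximate the published rules; the boundary string, host name and form values are made up for the sample.

```python
"""Detection logic mirroring two of the ET Suricata alerts listed above.

Added example for this report; not code from the sandbox, from Suricata or
from the ET ruleset. The matching conditions approximate the published
rules, and the POST body is constructed here for illustration.
"""
from __future__ import annotations

import io
import re
import struct
import zipfile

ZIP_LFH_SIG = b"PK\x03\x04"      # ZIP local file header signature
ZIP_LFH_FIXED = 30               # fixed header bytes before the file name
# Form-field names Vidar's client upload carries (assumed from public
# analyses of the family; the real ET rule's exact set may differ).
STEALER_FIELDS = {"hwid", "os", "platform", "profile", "user",
                  "cccount", "fcount", "telegram", "ver"}


def zip_entry_names(blob: bytes) -> list[str]:
    """File names of every ZIP local file header found in blob.

    Scans by signature instead of trusting the central directory, so it
    also works on a truncated capture. Compressed data can contain the
    4-byte signature by chance, so treat the result as a heuristic.
    """
    names: list[str] = []
    pos = blob.find(ZIP_LFH_SIG)
    while pos != -1 and pos + ZIP_LFH_FIXED <= len(blob):
        # name length at +26, extra-field length at +28 (little endian)
        name_len, extra_len = struct.unpack_from("<HH", blob, pos + 26)
        start = pos + ZIP_LFH_FIXED
        names.append(blob[start:start + name_len].decode("utf-8", "replace"))
        pos = blob.find(ZIP_LFH_SIG, start + name_len + extra_len)
    return names


def multipart_field_names(http_request: bytes) -> set[str]:
    """Names of all multipart/form-data parts in a raw HTTP request."""
    head, _, body = http_request.partition(b"\r\n\r\n")
    m = re.search(rb"boundary=([^\r\n;]+)", head)
    if not m:
        return set()
    names: set[str] = set()
    for part in body.split(b"--" + m.group(1).strip(b'"')):
        # \b keeps filename="..." from matching as a part name
        d = re.search(rb'Content-Disposition:[^\r\n]*\bname="([^"]*)"', part)
        if d:
            names.add(d.group(1).decode("ascii", "replace"))
    return names


def classify_upload(http_request: bytes) -> list[str]:
    """Alert labels this request would raise, in the order checked."""
    alerts: list[str] = []
    if not http_request.startswith(b"POST "):
        return alerts                       # both rules are POST-only
    if any(n.lower() == "passwords.txt" for n in zip_entry_names(http_request)):
        alerts.append("Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)")
    if STEALER_FIELDS <= multipart_field_names(http_request):
        alerts.append("Vidar/Arkei Stealer Client Data Upload")
    return alerts


def build_sample_post(fields: dict[str, str] | None = None,
                      zip_entries: dict[str, str] | None = None,
                      boundary: str = "----VidarBoundary") -> bytes:
    """Constructed stealer-style upload (illustrative, not a real capture)."""
    if fields is None:
        fields = {"hwid": "DEADBEEF", "os": "Windows 10", "platform": "x64",
                  "profile": "1008", "user": "user", "cccount": "0",
                  "fcount": "2", "telegram": "0", "ver": "41.3"}
    if zip_entries is None:
        zip_entries = {"Passwords.txt": "example.invalid\tuser\tpass\n",
                       "information.txt": "Vidar Version: 41.3\n"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, text in zip_entries.items():
            zf.writestr(name, text)
    parts = [f'--{boundary}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'.encode()
             for k, v in fields.items()]
    parts.append(f'--{boundary}\r\nContent-Disposition: form-data; name="file"; '
                 f'filename="upload.zip"\r\nContent-Type: application/octet-stream\r\n\r\n'.encode()
                 + buf.getvalue() + b"\r\n")
    parts.append(f"--{boundary}--\r\n".encode())
    body = b"".join(parts)
    head = (f"POST / HTTP/1.1\r\nHost: c2.invalid\r\n"
            f"Content-Type: multipart/form-data; boundary={boundary}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n").encode()
    return head + body


if __name__ == "__main__":
    print(classify_upload(build_sample_post()))
```

Run against a real capture, feed the reassembled request bytes to classify_upload; the ZIP scan deliberately ignores the central directory so a flow cut off mid-upload still yields the entry names seen so far.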
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.