General
Target: 42b0fafc2de9e7557da389f7c458bbfb6d5fae3e3307e45b48edfe6fdb200b21
Size: 727KB
Sample: 211015-x24drscbbk
MD5: 8abdc76ff21c9657253255745a94cb3e
SHA1: 623fc470fa10b462a371567971da3ed8ee71951d
SHA256: 42b0fafc2de9e7557da389f7c458bbfb6d5fae3e3307e45b48edfe6fdb200b21
SHA512: 79b60a1dba4fcad169580dfc87dbdcd13b70654eede7c12984569d7690217c5fccdeb1700bde63eaa9ab6da0932fa7417917b85a40f9f0ba6bed107f3361a1d6

Static task: static1

Malware Config
Extracted: vidar
41.4
1008
https://mas.to/@sslam
profile_id: 1008
Targets
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.