General
Target: 6ae57b4ec34d41622265377788813ace084ef163b4a06602c8ed30925ac25158
Size: 727KB
Sample: 211016-ee9yxscecj
MD5: 7c7a3d40efa697d3be43b11c669ac966
SHA1: 4a01a0f579ce63bc57c7c0a261a23a3ca6f423b6
SHA256: 6ae57b4ec34d41622265377788813ace084ef163b4a06602c8ed30925ac25158
SHA512: 335b85ed69bf669635152ae56423292d7f6acd061b76e473a62764dd99ed8c28c8a506aa1fbda5353e7e2f34a9f52a44125306cdf397f9a00a14d0c68f2d432d
Static task: static1
Malware Config
Extracted family: vidar
Version: 41.4
Botnet: 1008
C2: https://mas.to/@sslam (a Mastodon profile used as a dead drop; the stealer reads the real C2 address from the profile rather than embedding it in the binary)
profile_id: 1008
Targets
Target: 6ae57b4ec34d41622265377788813ace084ef163b4a06602c8ed30925ac25158 (same file as under General; size and hashes listed there)
Suricata alerts:
- ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- ET MALWARE Vidar/Arkei Stealer Client Data Upload
- ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
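The first alert above fires on a member name visible inside a zipped upload. As an added example (not part of the report and not Vidar's own code), the Python below shows why that observable exists and how to extract it: every ZIP local file header stores the member name uncompressed and unencrypted, so a scanner can pull member names straight out of a raw plaintext HTTP POST body without reassembling the multipart envelope. The multipart layout, the boundary string and the second member name (information.txt) are constructed for the demo; only Passwords.txt comes from the report.

```python
"""Extract ZIP member names from a raw outbound HTTP POST body.

Added example, not code from the original report or from the Vidar authors.
A stealer that uploads its loot as a ZIP inside a plaintext POST leaks every
member name through the ZIP local file headers; this is the observable the
"Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)" alert
is built on.  The sample request body below is constructed for the demo.
"""
import io
import struct
import zipfile

ZIP_LOCAL_HEADER_SIG = b"PK\x03\x04"
# Fixed part of a ZIP local file header, little-endian: signature, version
# needed, general-purpose flags, compression method, mod time, mod date,
# CRC-32, compressed size, uncompressed size, name length, extra length.
ZIP_LOCAL_HEADER = struct.Struct("<IHHHHHIIIHH")

# Member names worth alerting on.  "Passwords.txt" is taken from the report's
# alert name; the set is compared case-insensitively and can be extended.
SUSPICIOUS_MEMBER_NAMES = {"passwords.txt"}


def zip_member_names(body: bytes) -> list[str]:
    """Return the member name from every ZIP local file header found in body.

    Scans the raw bytes, so it works whether the ZIP is a multipart file part
    or sits inside an otherwise opaque binary field.  A header truncated by
    the end of the buffer is skipped rather than raising.
    """
    names = []
    offset = body.find(ZIP_LOCAL_HEADER_SIG)
    while offset != -1:
        if offset + ZIP_LOCAL_HEADER.size <= len(body):
            fields = ZIP_LOCAL_HEADER.unpack_from(body, offset)
            name_len = fields[9]
            start = offset + ZIP_LOCAL_HEADER.size
            raw_name = body[start:start + name_len]
            if len(raw_name) == name_len:
                names.append(raw_name.decode("utf-8", errors="replace"))
        offset = body.find(ZIP_LOCAL_HEADER_SIG, offset + len(ZIP_LOCAL_HEADER_SIG))
    return names


def flagged_members(body: bytes) -> list[str]:
    """Member names in body that match the suspicious list (original case kept)."""
    return [n for n in zip_member_names(body) if n.lower() in SUSPICIOUS_MEMBER_NAMES]


def build_sample_post_body(members: dict[str, bytes]) -> bytes:
    """Constructed stand-in for a stealer upload: a multipart/form-data POST
    body with one file part holding an in-memory ZIP of `members`.  The
    boundary, field name and file name are made up for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    boundary = b"----ConstructedBoundary1234"
    return (
        b"--" + boundary + b"\r\n"
        b'Content-Disposition: form-data; name="file"; filename="loot.zip"\r\n'
        b"Content-Type: application/zip\r\n\r\n"
        + buf.getvalue() + b"\r\n"
        b"--" + boundary + b"--\r\n"
    )


if __name__ == "__main__":
    body = build_sample_post_body({
        "Passwords.txt": b"constructed placeholder, not real credentials\n",
        "information.txt": b"constructed system summary\n",
    })
    print("members visible on the wire:", zip_member_names(body))
    print("flagged:", flagged_members(body))
```

A name-based rule like this is only as good as the plaintext it can see: the alert fired here because the upload went out over unencrypted HTTP, and a renamed member or a TLS-wrapped channel would defeat it. That is why it is worth pairing with the behaviour-based upload and exfiltration alerts the report also lists rather than relying on the filename alone.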
Signatures:
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the host.