General

- Target: 8b0fafb9182bc403609f818c24c7875431360b61302ae81c5ec133bbac7f75fa
- Size: 728KB
- Sample: 211016-h1eaxscehk
- MD5: 901d86057c1ac26b69c33dae17ac1679
- SHA1: 5ed949302c78e5478b7c2e1a749ad3f6758c603d
- SHA256: 8b0fafb9182bc403609f818c24c7875431360b61302ae81c5ec133bbac7f75fa
- SHA512: a21dd7dcb23ef54cc8cd337799c48605835cdfbdc99ac5db190f6f5984c6682e02cdbc412b5798e591cc0c6a712d0dda871bff67956367f722da5fde96f9afc7
Static task: static1

Malware Config

Extracted
- Family: vidar
- 41.4
- 1008
- https://mas.to/@sslam
- profile_id: 1008
Targets

- Target: 8b0fafb9182bc403609f818c24c7875431360b61302ae81c5ec133bbac7f75fa
- Size: 728KB
- MD5: 901d86057c1ac26b69c33dae17ac1679
- SHA1: 5ed949302c78e5478b7c2e1a749ad3f6758c603d
- SHA256: 8b0fafb9182bc403609f818c24c7875431360b61302ae81c5ec133bbac7f75fa
- SHA512: a21dd7dcb23ef54cc8cd337799c48605835cdfbdc99ac5db190f6f5984c6682e02cdbc412b5798e591cc0c6a712d0dda871bff67956367f722da5fde96f9afc7
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.