General
-
Target
eufive_20211017-135955
-
Size
765KB
-
Sample
211017-pz6gcaddgn
-
MD5
2051a29eb2eec1d05b054fc0bb865d23
-
SHA1
3a7fe3fce3b6493a252c2d2c85413bded64ae688
-
SHA256
2df54baaadf73e15a9a8f26a29f963d3e9045204333466747635cd5fd342ed3a
-
SHA512
0f18f38b204a5fc4d036126c672ecabbd830e2528fa546ad5490d8cb5c04eea1aced6495bcf41881874291edc324762ce6e2c1a801f8d315319b2e50cd6d5c5b
Static task
static1
Behavioral task
behavioral1
Sample
eufive_20211017-135955.exe
Resource
win7-en-20210920
Malware Config
Extracted
vidar
41.4
865
https://mas.to/@sslam
-
profile_id
865
Targets
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
Vidar Stealer
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-