General
Target: eufive_20211019-071057
Size: 722KB
Sample: 211019-kswaksgdan
MD5: e3dbf8caeee154d92999b920dbed283a
SHA1: cca8d60d3da91dc856d748d6170a6f61a8342a33
SHA256: 1418597e5fd673d1d45bec3629b92e2c45206262113a0058710bf66c377b17c2
SHA512: bca9d1d9cfad735c5d5bc2c58faa4f5d5171363bee34cb7e542a45d1dd598a41a2a214a5fd21c9bcbb0658a31bd8942b9a07d8d5d9d71488ffe70593f755d357
Static task: static1
Behavioral task: behavioral1
Sample: eufive_20211019-071057.exe
Resource: win7-en-20211014
Malware Config
Extracted: vidar
41.5
865
https://mas.to/@xeroxxx
profile_id: 865
Targets
Target: eufive_20211019-071057
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
Vidar Stealer
Downloads MZ/PE file
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.