General
Target: eufive_20211022-051123
Size: 717KB
Sample: 211022-k2pjdsccdj
MD5: 0759213189cbf639054841385550f38b
SHA1: a40ab4607eb157c846c30b6358b770890e510ef8
SHA256: c790630bbea74a5d2a9b972c63125749443295944a1d97a666c7f7bf28db6b5c
SHA512: df0d934d26d7e9c76947c5be3df686f6dcd352ca2ce58c74e80393387b2af20facfea48b1b377897c15f14bf3acfbf13abe6ec00bfa42caaccdd9b959cf5c9e9

Static task: static1
Behavioral task: behavioral1
Sample: eufive_20211022-051123.exe
Resource: win7-en-20210920

Malware Config
Extracted
Family: vidar
Version: 41.5
Botnet: 865
C2: https://mas.to/@xeroxxx
profile_id: 865
Targets
Target: eufive_20211022-051123
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.