General
Target: eufive_20211024-023723
Size: 767KB
Sample: 211024-azvyaadefm
MD5: 6b25411e54d6c8317fbc670fe91f12ff
SHA1: 5ce193524a782a424c79b2640d68144a4af897a2
SHA256: e5ab70938d171093fa1fe71a3b0eaade4dddc7fddb32c6717c62402eae1df476
SHA512: ba16d4553d05f7b0062e2eeaa0b71e8c71aef0c9927507ccbfb487dfcbf433864fdb7730733480f359d6bd4b4172d67c5defb63863dc74824e26a97043f353bc
Static task: static1
Behavioral task: behavioral1
Sample: eufive_20211024-023723.exe
Resource: win7-en-20210920 (analysis VM image)
Malware Config
Extracted
Family: vidar
Version: 41.5
Botnet (profile): 865
C2: https://mas.to/@xeroxxx
profile_id: 865

Note on the C2 value: https://mas.to/@xeroxxx is a Mastodon profile, not the upload endpoint itself. Vidar builds of this period read their real C2 address out of text published on such a profile (a dead-drop resolver), so the profile URL is a useful indicator to hunt and block on, but the host that actually receives the stolen data only appears in the network traffic of the run and should be taken from there.
Targets
eufive_20211024-023723 (same file and hashes as listed under General)
Signatures
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
Both Suricata alerts fire on the same outbound traffic: the stealer packs the harvested files into a ZIP (Passwords.txt among them) and uploads the archive to its C2 in an HTTP POST. Seeing these two together is a strong sign that exfiltration completed during the run, not just that the sample was staged.
Vidar Stealer
Downloads MZ/PE file
Loads dropped DLL
The sample fetched executable content over the network and then loaded a DLL that was written to disk during the run; this matches Vidar's habit of retrieving its runtime library dependencies after it has resolved the C2.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry (the Uninstall key under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion) to enumerate software installed on the system; stealers include this list in the profile they upload.
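What the first Suricata alert is looking for, as an added Python example that is not part of this report and not the Emerging Threats rule itself: it constructs a multipart/form-data POST carrying an in-memory ZIP, then walks the ZIP's local file headers in the raw body and flags member names a stealer uses (Passwords.txt as named in the alert, plus Cookies.txt and Information.txt as assumed extras). The boundary, host, member names and contents are all constructed for the demo, and the check approximates the intent of the rule rather than reproducing its exact content matches.

```python
import io
import zipfile

# File names a stealer typically bundles before exfiltration. "Passwords.txt"
# is the one named in the Suricata alert; the other two are assumptions added
# for the demo, not taken from the report.
STEALER_MEMBER_NAMES = {"passwords.txt", "cookies.txt", "information.txt"}

ZIP_LOCAL_HEADER = b"PK\x03\x04"


def build_sample_post(members, host=b"c2.example.invalid"):
    """Construct a multipart/form-data POST that uploads an in-memory ZIP.

    This is constructed test traffic, not a capture from the sample.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    boundary = b"----demoboundary7f3a"
    body = (
        b"--" + boundary + b"\r\n"
        b'Content-Disposition: form-data; name="file"; filename="upload.zip"\r\n'
        b"Content-Type: application/octet-stream\r\n\r\n"
        + buf.getvalue()
        + b"\r\n--" + boundary + b"--\r\n"
    )
    head = (
        b"POST /upload HTTP/1.1\r\n"
        b"Host: " + host + b"\r\n"
        b"Content-Type: multipart/form-data; boundary=" + boundary + b"\r\n"
        b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n"
    )
    return head + body


def zip_member_names(raw):
    """Walk ZIP local file headers in a byte stream and return the member names.

    Works on the raw body without unzipping anything; a truncated or damaged
    archive simply yields the names seen before the damage.
    """
    names = []
    off = raw.find(ZIP_LOCAL_HEADER)
    while off >= 0 and off + 30 <= len(raw):
        # Local file header layout: compressed size at +18, name length at +26,
        # extra-field length at +28, file name starts at +30.
        csize = int.from_bytes(raw[off + 18:off + 22], "little")
        name_len = int.from_bytes(raw[off + 26:off + 28], "little")
        extra_len = int.from_bytes(raw[off + 28:off + 30], "little")
        name = raw[off + 30:off + 30 + name_len]
        names.append(name.decode("utf-8", "replace"))
        # Skip header, name, extra field and compressed data before scanning on.
        # csize is 0 when a data descriptor is used; then we resume right after
        # the name and let find() locate the next header.
        off = raw.find(ZIP_LOCAL_HEADER, off + 30 + name_len + extra_len + csize)
    return names


def inspect_post(packet):
    """Return stealer-style member names found in a ZIP inside an outbound POST.

    None means the check does not apply (not a POST, or no ZIP in the body);
    an empty list means a ZIP was uploaded but no suspicious name was in it.
    """
    if not packet.startswith(b"POST "):
        return None
    _, _, body = packet.partition(b"\r\n\r\n")
    if ZIP_LOCAL_HEADER not in body:
        return None
    return [n for n in zip_member_names(body) if n.lower() in STEALER_MEMBER_NAMES]


if __name__ == "__main__":
    # Constructed exfil archive: what a stealer upload looks like on the wire.
    exfil = build_sample_post({
        "Passwords.txt": b"site|user|pass\n",
        "Cookies.txt": b"cookie data\n",
        "screenshot.jpg": b"\xff\xd8\xff",
    })
    print("exfil hits:", inspect_post(exfil))
    benign = build_sample_post({"report.pdf": b"%PDF-1.4\n"})
    print("benign hits:", inspect_post(benign))
```

Reading the header chain rather than unzipping is the point: an IDS sees the archive as opaque bytes in a request body and only needs the member names, which sit in cleartext in every local file header even when the contents are compressed. In a real deployment the matched names would be joined with the destination host to separate a stealer upload from a user legitimately sending a ZIP that happens to contain a file called Passwords.txt.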