General
- Target: 41ed34b70460e1eb3b561fbc89b65052
- Size: 567KB
- Sample: 211026-fvvplshfhq
- MD5: 41ed34b70460e1eb3b561fbc89b65052
- SHA1: a5def1d5bf16265f8a828dd4b1e9c2deede4e3c1
- SHA256: 22d5d59d54369797b47fb086e329d72d65f98bd679977370ddb24118815f311b
- SHA512: 03cc6e74afc17bfbc54d9284d84c3b0d33f1d615cd7214aa6fabddb42579e30d9117aeaa88c3e8fdb56a9d6438eb1fdd7c00af9c0ebb730619ee19b6f34dbf60
Static task: static1
Behavioral task: behavioral1
- Sample: 41ed34b70460e1eb3b561fbc89b65052.exe
- Resource: win7-en-20210920
Malware Config
Extracted: vidar
- 41.5
- 921
- https://mas.to/@xeroxxx
- profile_id: 921
Targets
- Target: 41ed34b70460e1eb3b561fbc89b65052
- Size: 567KB
- MD5: 41ed34b70460e1eb3b561fbc89b65052
- SHA1: a5def1d5bf16265f8a828dd4b1e9c2deede4e3c1
- SHA256: 22d5d59d54369797b47fb086e329d72d65f98bd679977370ddb24118815f311b
- SHA512: 03cc6e74afc17bfbc54d9284d84c3b0d33f1d615cd7214aa6fabddb42579e30d9117aeaa88c3e8fdb56a9d6438eb1fdd7c00af9c0ebb730619ee19b6f34dbf60
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.