General
Target: MIX3h2_20211028-131517
Size: 687KB
Sample: 211028-nkt94agbhr
MD5: 70edd52d751ee9abf214038981882d4c
SHA1: 0e80d1af1ededca0bf29ae954da0bc10efd4df55
SHA256: 112325ad769041fb8f69e8c8c97f849518b0651209669498cf8b9181f7162643
SHA512: b3185a896a0c222e551fccb7408c2b9d5fce928527204e4b4e59522c00a58585eb8a87a9a2d54a86d657b7ec75746363a33c177d89a2b13dafefcfbdea1e3ceb
Tasks
Static task: static1
Behavioral task: behavioral1 (sample MIX3h2_20211028-131517.exe, resource win7-en-20211014)
Malware Config
Extracted family: vidar
Version: 41.6
Profile ID: 1026
C2 profile URL: https://mas.to/@lilocc
The URL is a profile on a public Mastodon instance, not the upload server: Vidar builds of this period read the real C2 address out of the bio of a throwaway social-media profile and only then contact it. The profile URL is therefore the dead-drop to block and watch, and the actual C2 host has to be taken from the network capture.
Targets
Target: MIX3h2_20211028-131517 (687KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Suricata alerts
- ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- ET MALWARE Vidar/Arkei Stealer Client Data Upload
- ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
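The first alert fires on a zip archive inside an outbound POST whose member list contains a stealer loot filename such as Passwords.txt. The following is an added example, not part of the sandbox report, that implements that detection logic in Python over a constructed multipart POST body: it builds a sample request carrying a zip, scans the payload for embedded archives, and reports which members match a small loot-name list. Only "Passwords.txt" comes from the alert on this page; the other loot names, the boundary string, the host name and the member contents are assumptions.

```python
"""Detection logic for the 'Suspicious Zipped Filename in Outbound POST' alert:
find zip archives inside an HTTP POST body and flag stealer loot filenames.
Added example; the sample traffic below is constructed, not captured."""
import io
import zipfile

# "Passwords.txt" is the name in the alert on the page; the other entries are
# common stealer companions and are an assumption.
LOOT_NAMES = {"passwords.txt", "information.txt", "cookies.txt", "autofill.txt"}

ZIP_LOCAL_HEADER = b"PK\x03\x04"   # local file header magic
ZIP_EOCD = b"PK\x05\x06"           # end-of-central-directory magic


def build_sample_post(members, boundary=b"----constructedBoundary42"):
    """Constructed sample: a multipart/form-data POST carrying one zip whose
    members are the given {name: bytes}. Mimics the shape of stealer exfil."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    body = (
        b"--" + boundary + b"\r\n"
        + b'Content-Disposition: form-data; name="file"; filename="upload.zip"\r\n'
        + b"Content-Type: application/zip\r\n\r\n"
        + zbuf.getvalue() + b"\r\n"
        + b"--" + boundary + b"--\r\n"
    )
    headers = (
        b"POST /upload HTTP/1.1\r\n"
        + b"Host: c2.example.invalid\r\n"   # assumed host, not the real C2
        + b"Content-Type: multipart/form-data; boundary=" + boundary + b"\r\n"
        + b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n"
    )
    return headers + body


def zip_member_names(payload):
    """Return the member names of every zip archive embedded in payload.

    Scans for local-file-header magic instead of parsing multipart, so it
    also works for a raw zip body or odd framing. zipfile finds the
    end-of-central-directory record by searching backwards, so the
    trailing multipart boundary after the archive is tolerated."""
    names = set()
    pos = 0
    while True:
        off = payload.find(ZIP_LOCAL_HEADER, pos)
        if off < 0:
            return names
        try:
            with zipfile.ZipFile(io.BytesIO(payload[off:])) as zf:
                names.update(zf.namelist())
            # Skip past this archive so its other local headers are not re-parsed.
            eocd = payload.find(ZIP_EOCD, off)
            pos = eocd + len(ZIP_EOCD) if eocd >= 0 else off + len(ZIP_LOCAL_HEADER)
        except zipfile.BadZipFile:
            pos = off + len(ZIP_LOCAL_HEADER)


def flag_exfil(http_payload):
    """Return the zip member names in an outbound POST whose basename matches
    LOOT_NAMES (case-insensitive); empty set when nothing matches."""
    if not http_payload.startswith(b"POST "):
        return set()
    hits = set()
    for name in zip_member_names(http_payload):
        base = name.rsplit("/", 1)[-1].lower()
        if base in LOOT_NAMES:
            hits.add(name)
    return hits


if __name__ == "__main__":
    sample = build_sample_post({
        "Passwords.txt": b"site|user|pass\n",       # constructed content
        "information.txt": b"build/profile info\n",  # constructed content
        "screenshot.jpg": b"\xff\xd8\xff\xe0",
    })
    print(sorted(flag_exfil(sample)))
```

Matching on the basename inside the archive rather than on the HTTP filename field is deliberate: the outer filename is usually random, while the member names are what the stealer's upload format fixes and what the rule keys on.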
Signatures
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
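The last two signatures, wallet-file access and software inventory through the Uninstall key, are also detectable from host telemetry. The following is an added example, not part of the sandbox report, that runs that logic in Python over constructed Sysmon-style registry and file read events: a process that reads many distinct subkeys under an Uninstall root is flagged as enumerating installed software, and any read under a wallet directory is flagged separately. The event format, the wallet path list, the allowlist of images that legitimately walk the Uninstall key, the threshold and the sample process path are all assumptions; only the sample filename comes from the page.

```python
"""Host-side detection for two behaviours in the signature list: Uninstall key
enumeration and cryptocurrency wallet file access. Added example over
constructed Sysmon-style events, not data from the sandbox run."""
from collections import defaultdict

UNINSTALL_ROOTS = (
    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
)
# Wallet locations commonly read by stealers (illustrative list, an assumption).
WALLET_MARKERS = (
    "\\electrum\\wallets\\",
    "\\exodus\\exodus.wallet\\",
    "\\ethereum\\keystore\\",
    "\\bitcoin\\wallets\\",
)
# Installers and the shell legitimately walk the Uninstall key (assumption).
ALLOWLIST_IMAGES = {"msiexec.exe", "explorer.exe"}


def uninstall_subkey(target):
    """Return the Uninstall subkey (product GUID or name) a registry path
    falls under, lower-cased, or None if it is not under an Uninstall root."""
    t = target.lower()
    for root in UNINSTALL_ROOTS:
        r = root.lower()
        if t.startswith(r):
            return t[len(r):].split("\\", 1)[0]
    return None


def detect(events, min_entries=10, allowlist=ALLOWLIST_IMAGES):
    """Aggregate events per pid and return findings:
    'uninstall_enumeration' when >= min_entries distinct subkeys were read,
    'wallet_access' when any wallet path was read. Allowlisted images skipped."""
    state = defaultdict(lambda: {"image": "", "subkeys": set(), "wallets": set()})
    for e in events:
        s = state[e["pid"]]
        s["image"] = e["image"]
        if e["type"] == "RegistryRead":
            sub = uninstall_subkey(e["target"])
            if sub is not None:
                s["subkeys"].add(sub)
        elif e["type"] == "FileRead":
            if any(m in e["target"].lower() for m in WALLET_MARKERS):
                s["wallets"].add(e["target"])
    findings = []
    for pid, s in state.items():
        if s["image"].rsplit("\\", 1)[-1].lower() in allowlist:
            continue
        if len(s["subkeys"]) >= min_entries:
            findings.append({"pid": pid, "image": s["image"],
                             "rule": "uninstall_enumeration", "count": len(s["subkeys"])})
        if s["wallets"]:
            findings.append({"pid": pid, "image": s["image"],
                             "rule": "wallet_access", "paths": sorted(s["wallets"])})
    return findings


def make_sample_events():
    """Constructed telemetry: the stealer reads 12 Uninstall entries and one
    Electrum wallet; explorer.exe reads a few entries as background noise."""
    stealer = "C:\\Users\\user\\AppData\\Local\\Temp\\MIX3h2_20211028-131517.exe"  # assumed path
    events = []
    for i in range(12):
        events.append({"pid": 4321, "image": stealer, "type": "RegistryRead",
                       "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\App%d\\DisplayName" % i})
    events.append({"pid": 4321, "image": stealer, "type": "FileRead",
                   "target": "C:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"})
    for i in range(3):
        events.append({"pid": 100, "image": "C:\\Windows\\explorer.exe", "type": "RegistryRead",
                       "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\App%d\\DisplayName" % i})
    return events


if __name__ == "__main__":
    for finding in detect(make_sample_events()):
        print(finding)
```

Counting distinct subkeys rather than raw reads is what separates inventory from a single product lookup: a legitimate program checking whether one dependency is installed touches one subkey, while a stealer profiling the host walks all of them. The threshold and allowlist will need tuning against a baseline of the fleet's installers and management agents.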