General

Target: 9f92db7f8df56594383cc5f72df3dd33f903081c2ea81b4230f1ac012fa0d8fa
Size: 773KB
Sample: 211105-yp579shhej
MD5: 956f4f866e2bb25de970a94b174c47d3
SHA1: b863b9dadf724c81fe269474b4efa34b40e5482b
SHA256: 9f92db7f8df56594383cc5f72df3dd33f903081c2ea81b4230f1ac012fa0d8fa
SHA512: 94f8b5911639910321e3aaf5d74cdac51066d5b6e4c3feceee51d5f5e7e2dabd884349d0973c4e83102a09843c4843cc310a76d68c1bd8e2eee7213d955d092a
Static task: static1
Malware Config

Extracted
Family: vidar
Version: 47.9
Profile: 754
C2: https://mas.to/@kirpich
profile_id: 754

Note that https://mas.to/@kirpich is a Mastodon account, not the exfiltration endpoint. Vidar builds of this period keep the live C2 address in a social-media profile description and fetch it at runtime (a dead-drop resolver), so the host the stolen data is actually uploaded to is not in the binary and can be rotated by editing the profile. Block or alert on the profile URL, but take the real C2 from the network capture of the run rather than from this config.
Targets

Target: 9f92db7f8df56594383cc5f72df3dd33f903081c2ea81b4230f1ac012fa0d8fa
Size: 773KB
Hashes: identical to the General section above (MD5 956f4f866e2bb25de970a94b174c47d3, SHA1 b863b9dadf724c81fe269474b4efa34b40e5482b, SHA256 and SHA512 as listed there)
Signatures

- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

Both alerts fire on the same outbound request: the stealer archives the collected files into a ZIP and POSTs it to its C2, and one of the archive members is named Passwords.txt, which is what the first signature matches on in the request body.
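The two Suricata alerts above key on the stealer's ZIP upload. The following Python is an added example, not part of this report or of the Emerging Threats rules, that re-implements the idea behind the Passwords.txt alert offline: it walks the ZIP local file headers embedded in a captured POST body and flags member names typical of stealer archives. The POST request, the Host value 203.0.113.10, the archive contents and the STEALER_NAMES list are all constructed for illustration and are not the rule's actual match strings.

```python
"""Added example (not part of the Triage report or the Suricata rules):
flag an outbound POST whose body carries a ZIP with stealer-style member
names, by reading ZIP local file headers without decompressing anything."""

import io
import struct
import zipfile

# Illustrative set of member names seen in stealer archives (assumption:
# not the exact string list used by the ET rule).
STEALER_NAMES = {
    "passwords.txt",
    "information.txt",
    "cookies.txt",
    "autofill.txt",
}

ZIP_LOCAL_HEADER = b"PK\x03\x04"
LOCAL_HEADER_LEN = 30  # fixed part of a ZIP local file header


def zip_member_names(payload: bytes) -> list[str]:
    """Return the file name of every ZIP local file header found in payload,
    in order. Works on a raw HTTP body, so multipart framing is irrelevant."""
    names = []
    pos = payload.find(ZIP_LOCAL_HEADER)
    while pos != -1 and pos + LOCAL_HEADER_LEN <= len(payload):
        # Offset 18: compressed size; 26: file name length; 28: extra length.
        comp_size = struct.unpack_from("<I", payload, pos + 18)[0]
        name_len, extra_len = struct.unpack_from("<HH", payload, pos + 26)
        start = pos + LOCAL_HEADER_LEN
        names.append(payload[start:start + name_len].decode("utf-8", "replace"))
        # Skip the name, extra field and compressed data, then look for the
        # next local header (the central directory uses PK\x01\x02, so the
        # walk stops there naturally).
        pos = payload.find(ZIP_LOCAL_HEADER, start + name_len + extra_len + comp_size)
    return names


def stealer_upload_indicators(post_body: bytes) -> list[str]:
    """Suspicious member names in a POST body; empty list means no hit."""
    return [n for n in zip_member_names(post_body)
            if n.rsplit("/", 1)[-1].lower() in STEALER_NAMES]


def make_zip(members: dict[str, bytes]) -> bytes:
    """Constructed sample archive with the given members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_multipart_post(zip_bytes: bytes, boundary: str = "----formboundary9f92") -> bytes:
    """Constructed multipart/form-data POST carrying the ZIP (host and path
    are placeholders from the documentation range, not real C2 values)."""
    body = (
        f"--{boundary}\r\n"
        'Content-Disposition: form-data; name="file"; filename="data.zip"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
    ).encode() + zip_bytes + f"\r\n--{boundary}--\r\n".encode()
    head = (
        "POST /gate HTTP/1.1\r\nHost: 203.0.113.10\r\n"
        f"Content-Type: multipart/form-data; boundary={boundary}\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    ).encode()
    return head + body


# Constructed stealer-style upload next to a benign file upload.
STEALER_POST = build_multipart_post(make_zip({
    "information.txt": b"Version: 47.9\nProfile: 754\n",
    "Passwords.txt": b"URL: https://example.com\nUSER: alice\nPASS: hunter2\n",
    "Browsers/Chrome/Cookies.txt": b"example.com\tTRUE\t/\tFALSE\t0\tsid\tabc\n",
}))
BENIGN_POST = build_multipart_post(make_zip({"report.pdf": b"%PDF-1.4 ..."}))

if __name__ == "__main__":
    print("stealer:", stealer_upload_indicators(STEALER_POST))
    print("benign:", stealer_upload_indicators(BENIGN_POST))
```

The check only reads the local file header, which is exactly what makes it cheap enough for an IDS and also what limits it: an operator who renames the archive members, or wraps the ZIP in another layer of encryption, defeats the name match. That is why the report pairs it with the family-specific Vidar/Arkei upload signature rather than relying on the file name alone.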
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node mirror on 64-bit hosts, and the HKCU equivalent for per-user installs) to enumerate the software present. On its own this read is common to installers and inventory tools, so treat it as context for the other indicators rather than as a detection by itself.