General
- Target: eufive_20211118-131200
- Size: 708KB
- Sample: 211118-pwet8achgn
- MD5: 365a34cab8d5fa2de3a514bc956a7171
- SHA1: b477f9de72629796dd16df29dedbf87380489a78
- SHA256: 338c031fdc6627167a9ef249f9b2d5af78f76a92f85f5f699d77bb0815df151b
- SHA512: e4b9d6554d1c1dea7b65f1a5f0d3bde4f5221fdc7c676b34ff278cedd3704b330f6e89e446e85bd3247d7bc78e303ed703dde804834df078aa7006e962526045
Static task: static1
Behavioral task: behavioral1
- Sample: eufive_20211118-131200.exe
- Resource: win7-en-20211014
Malware Config
Extracted
- vidar
- 48.6
- 824
- https://mastodon.online/@valhalla
- https://koyu.space/@valhalla
- profile_id: 824
Targets
- Target: eufive_20211118-131200 (size and hashes as listed under General)
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.