General

Target: 0241e8302dd7f1dbb90ad8f26e6d852b665c4068dcd02903f0eac1b7208cf9c3
Size: 756KB
Sample: 211207-hsrlaagbfm
MD5: 9d0d5618a8d30f60180bfd2e061f78de
SHA1: b6d80a023d6b68901e48c4e194dd07ec08704743
SHA256: 0241e8302dd7f1dbb90ad8f26e6d852b665c4068dcd02903f0eac1b7208cf9c3
SHA512: aa45527eac08af781a30f236d24ff68375aaef752f8da893f9c31bbfb2ec302b8a18228f0d58fd71cbb2c5b60d857c240c1cc5aff6c60a78689e099158befece
Static task: static1

Malware Config

Extracted: vidar
49
517
https://mstdn.social/@sergeev43
https://koyu.space/@sergeev45
profile_id: 517
Targets

Target: 0241e8302dd7f1dbb90ad8f26e6d852b665c4068dcd02903f0eac1b7208cf9c3
Size: 756KB
MD5: 9d0d5618a8d30f60180bfd2e061f78de
SHA1: b6d80a023d6b68901e48c4e194dd07ec08704743
SHA256: 0241e8302dd7f1dbb90ad8f26e6d852b665c4068dcd02903f0eac1b7208cf9c3
SHA512: aa45527eac08af781a30f236d24ff68375aaef752f8da893f9c31bbfb2ec302b8a18228f0d58fd71cbb2c5b60d857c240c1cc5aff6c60a78689e099158befece
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
Vidar Stealer
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext