General
Target: 707eabebf679add877075a6b6a376dfe119956203f6fc8038e9d5ce1d1ff90ff
Size: 616KB
Sample: 211220-rdz4jsbefp
MD5: a8a080ee38f353d92f1a9026c814da7c
SHA1: ca3a9e92617adfd45bb314e6451e6126f02e8e12
SHA256: 707eabebf679add877075a6b6a376dfe119956203f6fc8038e9d5ce1d1ff90ff
SHA512: 507da9725df1dfb885fc1969cbf8843d0e561f01347050d25d43cc5b6e33a8cc24c745a08a74cd9edc1820f47b06dd9c637fa3d9b48fca4448f74fd13dd170a6
Static task: static1
Behavioral task: behavioral1
Sample: 707eabebf679add877075a6b6a376dfe119956203f6fc8038e9d5ce1d1ff90ff.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: vidar
Version: 49.1
Botnet: 915
C2:
- https://noc.social/@sergeev46
- https://c.im/@sergeev47
Attributes: profile_id 915
Targets
Target: 707eabebf679add877075a6b6a376dfe119956203f6fc8038e9d5ce1d1ff90ff (size and MD5/SHA1/SHA256/SHA512 as listed under General above)
Signatures
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
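The first Suricata hit above fires because the stealer's outbound POST carries a ZIP archive whose entry list contains Passwords.txt. The following is an added example, not part of this sandbox report or of the Emerging Threats ruleset, showing the check that signature family performs: walk the raw POST body for ZIP local file headers (the PK\x03\x04 records, which carry each entry name in cleartext even when the payload itself is deflated) and flag watchlisted names. The HTTP message, the boundary string, the host 203.0.113.10 and the entry contents are constructed for the demo; only the name Passwords.txt comes from the report.

```python
import io
import re
import struct
import zipfile

# Entry names to alert on. Only "Passwords.txt" is taken from the report;
# extend this set with whatever your own triage shows stealers exfiltrating.
WATCHLIST = {"passwords.txt"}


def zip_entry_names(data: bytes) -> list:
    """Return entry names from every ZIP local file header found in `data`.

    Scanning for PK\\x03\\x04 rather than opening the archive means a partial
    or truncated capture (no end-of-central-directory record) still yields
    the names. Local file header layout: 26 bytes of fixed fields after the
    4-byte signature, then name length (u16) at +26, extra length (u16) at
    +28, and the name itself starting at +30.
    """
    names = []
    for match in re.finditer(b"PK\x03\x04", data):
        off = match.start()
        if off + 30 > len(data):
            break
        name_len, _extra_len = struct.unpack_from("<HH", data, off + 26)
        name = data[off + 30 : off + 30 + name_len]
        if len(name) == name_len:
            names.append(name.decode("utf-8", "replace"))
    return names


def suspicious_zip_names(http_message: bytes) -> list:
    """Watchlisted ZIP entry names carried in the body of an outbound POST.

    Non-POST requests and messages without a body return an empty list;
    directory prefixes inside the archive are ignored so "Browsers/Passwords.txt"
    still matches.
    """
    head, sep, body = http_message.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"POST "):
        return []
    return [n for n in zip_entry_names(body)
            if n.rsplit("/", 1)[-1].lower() in WATCHLIST]


def build_sample_post(entries: dict) -> bytes:
    """Constructed sample: a multipart/form-data POST uploading an in-memory ZIP
    built from {entry_name: text}. This stands in for a packet capture."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    zip_bytes = buf.getvalue()

    boundary = b"----constructedboundary"
    body = (b"--" + boundary + b"\r\n"
            b'Content-Disposition: form-data; name="file"; filename="x.zip"\r\n'
            b"Content-Type: application/octet-stream\r\n\r\n"
            + zip_bytes + b"\r\n"
            b"--" + boundary + b"--\r\n")
    head = (b"POST / HTTP/1.1\r\n"
            b"Host: 203.0.113.10\r\n"
            b"Content-Type: multipart/form-data; boundary=" + boundary + b"\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n")
    return head + b"\r\n" + body


if __name__ == "__main__":
    sample = build_sample_post({"Browsers/Passwords.txt": "user:pass",
                                "notes.txt": "nothing to see"})
    print(zip_entry_names(sample.split(b"\r\n\r\n", 1)[1]))
    print(suspicious_zip_names(sample))
```

The check is deliberately content-agnostic: deflated entry data can look like anything, but the ZIP format stores entry names uncompressed in every local header, which is why a network signature can key on a filename without decompressing the upload. A false match on PK\x03\x04 inside compressed data only produces a garbage name that does not hit the watchlist.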