General

Target: eufive_20211228-223310
Size: 733KB
Sample: 211228-2bmesacgfp
MD5: 2945b75f1c6e90e9d6bffeed7b179caf
SHA1: 7e78825073117e3b3382af2632dc0e7f3e78ec8d
SHA256: 588e204d30aba32c18e8f2d4cd09f164a62f92666f6dc8cbe191ff826ef9c4cd
SHA512: d7df7b9c6d42d11280b5636e1305587c9cc5f8955c37b92201772d0418c46a7661a4ff2ad1395b1dce6e0dcbdbdbfe916cab9eb9a6f6998050a62d16d40d8618
Static task: static1
Behavioral task: behavioral1
Sample: eufive_20211228-223310.exe
Resource: win7-en-20211208
Malware Config

Extracted: vidar
Version: 49.2
ID: 818
C2:
- https://mstdn.social/@kipriauk9
- https://qoto.org/@kipriauk8
profile_id: 818
Targets
Target: eufive_20211228-223310 (733KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.