General
-
Target
eufive_20211228-072759
-
Size
711KB
-
Sample
211228-k3n91scbgr
-
MD5
d1cf22ba6f8e74e729efbced8550ed67
-
SHA1
e3a09ccb3f4490e9e3badcab2b5850afdaa7f2e5
-
SHA256
4a349357e141d98e07e93f929982a81135fbd98a9f02ea1b92fcf322fab01d74
-
SHA512
589bd2600b2de3bc13cfa426f2f943ab35e5fd560b80b0134eef368281ddd18647a7d8f1f91defad87113e912b09d7b1e669d75f2618b8952ea40f2e109c5590
Static task
static1
Behavioral task
behavioral1
Sample
eufive_20211228-072759.exe
Resource
win7-en-20211208
Malware Config
Extracted
vidar
49.2
818
https://mstdn.social/@kipriauk9
https://qoto.org/@kipriauk8
-
profile_id
818
Targets
-
-
Target
eufive_20211228-072759
-
Size
711KB
-
MD5
d1cf22ba6f8e74e729efbced8550ed67
-
SHA1
e3a09ccb3f4490e9e3badcab2b5850afdaa7f2e5
-
SHA256
4a349357e141d98e07e93f929982a81135fbd98a9f02ea1b92fcf322fab01d74
-
SHA512
589bd2600b2de3bc13cfa426f2f943ab35e5fd560b80b0134eef368281ddd18647a7d8f1f91defad87113e912b09d7b1e669d75f2618b8952ea40f2e109c5590
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-