General
Target: 6d04ea83251f3206bfe3cf4a33d803792bec2496db275801ecb53e486bd0fe9e
Size: 1.8MB
Sample: 220111-ymjw9ahccq
MD5: 152ea6fcb5da38701c49ac77522c3fd4
SHA1: a7177bee68bdd28ce65840e9057d3cb21a078c08
SHA256: 6d04ea83251f3206bfe3cf4a33d803792bec2496db275801ecb53e486bd0fe9e
SHA512: 610ba8d994735fc1039f441479c9a66ac16c610cb43ed9dc2f76aa0b7a20fd16c9c256e4a23be365673464a1fa8774fdd0bf2b52df6fe7840602275620ff8659
Static task
static1
Malware Config
Extracted
vidar
49.6
1125
https://noc.social/@banda5ker
https://mastodon.social/@banda6ker
profile_id: 1125
Targets
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Vidar Stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger