General
-
Target: 00068c42aca308063416f2ab531c218bd8c6b960fe727064f03cfda101f9c746
Size: 734KB
Sample: 220119-vq5fksbgfj
MD5: c7097d122fba46de9e13571342a53307
SHA1: b09df82eb86ae192d1c01e72719aeb0b1b32fb3f
SHA256: 00068c42aca308063416f2ab531c218bd8c6b960fe727064f03cfda101f9c746
SHA512: 7ae40df7313275f72467333a43f3b8e2ba79f96135bf1332920ec997fb6feceedc6f98353180b09b72f698832f03af96a6f32f85b5b70d43ef49d119404a5e1b
Static task
static1
Malware Config
Extracted
vidar
49.7
1031
https://mastodon.online/@prophef1
https://koyu.space/@prophef2
-
profile_id: 1031
Targets
-
Target: 00068c42aca308063416f2ab531c218bd8c6b960fe727064f03cfda101f9c746
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-