General
- Target: 0d1af8185d92a0aa5ea518e783884ffbbd5b592454ed4082844ca06a0dadf1b3
- Size: 740KB
- Sample: 220210-d1j4ysdacr
- MD5: f2ebfd5e9e61d629d186432a1e2a0e27
- SHA1: 29cf0df3fa76e4b966eeb18000d953c1903a73e7
- SHA256: 0d1af8185d92a0aa5ea518e783884ffbbd5b592454ed4082844ca06a0dadf1b3
- SHA512: 66a76150529c1180caa3f0a2f672ce785de8f92c27499eaeab36cadb011cc9a77a552b7cc3b8d06199b1f68bfea7d3c1463f28986da7fa7453567c9c943f211b
Static task: static1
Behavioral task: behavioral1
- Sample: 0d1af8185d92a0aa5ea518e783884ffbbd5b592454ed4082844ca06a0dadf1b3.exe
- Resource: win7-en-20211208
Malware Config
Extracted
- Family: vidar
- Version: 49.6
- Botnet: 937
- C2: https://noc.social/@banda5ker
- C2: https://mastodon.social/@banda6ker
- profile_id: 937
The two C2 entries are Mastodon profiles used as dead drops rather than the final command-and-control server: the stealer fetches the profile page and parses the real C2 address out of the profile text. The Mastodon hosts themselves are legitimate services, so the indicator to block and hunt for is the address recovered from the profile, while a request to either profile from a non-browser process is the host-side signal.
Targets
- Target: 0d1af8185d92a0aa5ea518e783884ffbbd5b592454ed4082844ca06a0dadf1b3
- Size: 740KB
- MD5: f2ebfd5e9e61d629d186432a1e2a0e27
- SHA1: 29cf0df3fa76e4b966eeb18000d953c1903a73e7
- SHA256: 0d1af8185d92a0aa5ea518e783884ffbbd5b592454ed4082844ca06a0dadf1b3
- SHA512: 66a76150529c1180caa3f0a2f672ce785de8f92c27499eaeab36cadb011cc9a77a552b7cc3b8d06199b1f68bfea7d3c1463f28986da7fa7453567c9c943f211b
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
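Detection logic equivalent to the "Suspicious Zipped Filename in Outbound POST Request" alerts above, as an added example that is not code from the sandbox report or from the Emerging Threats ruleset: it walks the ZIP local file headers embedded in a captured POST body and flags entry names a stealer typically packs, matching Passwords.txt case-insensitively as the M2 rule variants do. The request bodies, the hosts 203.0.113.10 and files.example.org, the form field name "file", and every entry name other than Passwords.txt (information.txt, the Cookies and Wallets paths) are constructed for the example and are not taken from this sample's traffic.

```python
"""Flag outbound HTTP POSTs that carry a ZIP of stealer loot (e.g. Passwords.txt).

Added example; not code from the sandbox report or the ET ruleset. The requests,
hosts, form field name and most entry names below are constructed for the demo."""
from __future__ import annotations

import io
import re
import struct
import zipfile

# Entry names a Vidar-style stealer packs into its upload. The ET rules on this
# report key on "Passwords.txt"; the M2 variants also match the lower-case spelling,
# so the match here is case-insensitive. The other names are assumptions.
SUSPICIOUS = re.compile(
    rb"(?:^|/)(?:passwords|information|autofill|cookies)\.txt$|(?:^|/)wallets/",
    re.IGNORECASE,
)
LOCAL_HEADER = b"PK\x03\x04"  # ZIP local file header signature


def zip_entry_names(blob: bytes) -> list[bytes]:
    """Return the entry names of every ZIP local file header found in blob.

    Scans for the header signature instead of trusting a central directory, so it
    still works on a body that is truncated or wrapped in multipart framing, which
    is roughly how an IDS content match sees the stream."""
    names: list[bytes] = []
    pos = blob.find(LOCAL_HEADER)
    while pos != -1 and pos + 30 <= len(blob):
        # Fixed 30-byte header; name length at offset 26, extra-field length at 28.
        name_len, extra_len = struct.unpack_from("<HH", blob, pos + 26)
        start = pos + 30
        names.append(blob[start:start + name_len])
        pos = blob.find(LOCAL_HEADER, start + name_len + extra_len)
    return names


def parse_request(raw: bytes) -> tuple[bytes, bytes, dict[bytes, bytes], bytes]:
    """Split a raw HTTP/1.1 request into (method, path, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, path, _version = lines[0].split(b" ", 2)
    headers: dict[bytes, bytes] = {}
    for line in lines[1:]:
        key, _, value = line.partition(b":")
        headers[key.strip().lower()] = value.strip()
    return method, path, headers, body


def flag_request(raw: bytes) -> dict:
    """Verdict for one request: ZIP entries carried in the POST body and which look like loot."""
    method, path, headers, body = parse_request(raw)
    verdict = {"method": method.decode(), "path": path.decode(),
               "host": headers.get(b"host", b"").decode(), "zip_entries": [], "hits": []}
    if method != b"POST":
        return verdict  # the rules above only consider outbound POSTs
    for name in zip_entry_names(body):
        text = name.decode("utf-8", "replace")
        verdict["zip_entries"].append(text)
        if SUSPICIOUS.search(name):
            verdict["hits"].append(text)
    return verdict


def build_multipart_post(host: bytes, files: dict[str, bytes],
                         boundary: bytes = b"----boundary1234") -> bytes:
    """Constructed sample: multipart/form-data POST whose 'file' field is a ZIP of files.
    The field name and framing are assumptions, not Vidar's real upload format."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    body = (b"--" + boundary + b"\r\n"
            b'Content-Disposition: form-data; name="file"; filename="upload.zip"\r\n'
            b"Content-Type: application/octet-stream\r\n\r\n" + buf.getvalue() + b"\r\n"
            b"--" + boundary + b"--\r\n")
    return (b"POST / HTTP/1.1\r\nHost: " + host + b"\r\n"
            b"Content-Type: multipart/form-data; boundary=" + boundary + b"\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


# Constructed traffic: a stealer-style upload, a benign upload and a non-POST.
STEALER_POST = build_multipart_post(b"203.0.113.10", {
    "information.txt": b"OS: Windows 7\n",
    "Passwords.txt": b"URL: https://example.com\nLogin: user\nPassword: hunter2\n",
    "Cookies/Chrome_Default.txt": b"example.com\tTRUE\t/\tFALSE\t0\tsid\tabc\n",
    "Wallets/Exodus/seed.seco": bytes(64),
})
BENIGN_POST = build_multipart_post(b"files.example.org", {"report.pdf": b"%PDF-1.4\n"})
GET_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"

if __name__ == "__main__":
    for raw in (STEALER_POST, BENIGN_POST, GET_REQUEST):
        print(flag_request(raw))
```

Scanning for local file headers rather than opening the body with the zipfile module is deliberate: an exfil capture is often cut off before the central directory, and a stealer can set the data-descriptor flag so the sizes in the local header are zero, so the scanner only trusts the name and extra-field lengths and searches for the next signature from there.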
- Vidar Stealer
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check so the stealer does not run in excluded countries.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.