General

- Target: d7d48f0b820099356f9a87cfa776a5b042e0bddf86919ef7eef4c68dfbec3a3f
- Size: 747KB
- Sample: 220215-gdd6zacgel
- MD5: e1f83b28721f3c95f9064ed44710a484
- SHA1: 28e022870babe234e796ba14cf8b69f262eede7e
- SHA256: d7d48f0b820099356f9a87cfa776a5b042e0bddf86919ef7eef4c68dfbec3a3f
- SHA512: c3f699a2bf5c11ec3ef2d417bc49d9c2bc202247a52f5063f45cb549afa7b9a8e20b1100dddafb25eba6e99b2a92cd4b9097b11a7083f1834787af1ba4cb8289
- Static task: static1
- Behavioral task: behavioral1
- Sample: d7d48f0b820099356f9a87cfa776a5b042e0bddf86919ef7eef4c68dfbec3a3f.exe
- Resource: win7-en-20211208
Malware Config

- Extracted: vidar, 48.3, 937
- profile_id: 937
Targets

- Target: d7d48f0b820099356f9a87cfa776a5b042e0bddf86919ef7eef4c68dfbec3a3f
- Size: 747KB
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Vidar Stealer
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.