General
Target: 8b2fc3bb6447331f0eb3e849df926209614f25b88de9baff4a447da95948bf3f
Size: 628KB
Sample: 220215-j8e3vseagj
MD5: 77f161d85c24320576c3cadbf3a15533
SHA1: f29f7facad8e1b16254b6394304c0afc09a6241f
SHA256: 8b2fc3bb6447331f0eb3e849df926209614f25b88de9baff4a447da95948bf3f
SHA512: 720d20d50713f6efef3bfd234dc0dc8c5eebbbc2d367641ea8534ce6e1f15212b6ed0d8b280159105f00a6562fdd8daf7dc5bca20d40b9c660bcd2fdc92530a5
Static task: static1
Behavioral task: behavioral1
Sample: 8b2fc3bb6447331f0eb3e849df926209614f25b88de9baff4a447da95948bf3f.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: vidar
Version: 48.3
Botnet: 937
Attributes
profile_id: 937
Targets
Target: 8b2fc3bb6447331f0eb3e849df926209614f25b88de9baff4a447da95948bf3f
Size: 628KB
MD5: 77f161d85c24320576c3cadbf3a15533
SHA1: f29f7facad8e1b16254b6394304c0afc09a6241f
SHA256: 8b2fc3bb6447331f0eb3e849df926209614f25b88de9baff4a447da95948bf3f
SHA512: 720d20d50713f6efef3bfd234dc0dc8c5eebbbc2d367641ea8534ce6e1f15212b6ed0d8b280159105f00a6562fdd8daf7dc5bca20d40b9c660bcd2fdc92530a5
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
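The three "Suspicious Zipped Filename" alerts fire on the stealer's exfiltration POST: the body carries a zip archive, and one of its entries is named Passwords.txt (the M2 entries are rule variants, one of them matching the lower-case spelling). The following is an added example, not part of the sandbox report or of the Emerging Threats rules themselves; it rebuilds that detection logic offline by constructing a multipart POST with an in-memory zip, walking the zip local file headers embedded in the body and flagging any entry named passwords.txt regardless of case. The request path, boundary and host are made up for the example.

```python
import io
import struct
import zipfile

LOCAL_FILE_HEADER = b"PK\x03\x04"   # zip local file header signature
FLAGGED_NAME = "passwords.txt"      # compared case-insensitively, covering both rule spellings


def build_stealer_post(files: dict[str, bytes], host: str = "example.invalid") -> bytes:
    """Construct a stealer-style multipart POST carrying a zip archive.

    Sample input only: the URL path, boundary and host are invented for this example.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    archive = buf.getvalue()
    boundary = b"----ConstructedBoundary"
    body = (
        b"--" + boundary + b"\r\n"
        b'Content-Disposition: form-data; name="file"; filename="upload.zip"\r\n'
        b"Content-Type: application/octet-stream\r\n\r\n"
        + archive + b"\r\n--" + boundary + b"--\r\n"
    )
    headers = (
        b"POST /upload HTTP/1.1\r\n"
        b"Host: " + host.encode() + b"\r\n"
        b"Content-Type: multipart/form-data; boundary=" + boundary + b"\r\n"
        b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n"
    )
    return headers + body


def zip_entry_names(payload: bytes) -> list[str]:
    """Return the name of every zip entry whose local file header appears in payload."""
    names = []
    pos = payload.find(LOCAL_FILE_HEADER)
    while pos != -1:
        # Local file header: 30 fixed bytes; name length at +26, extra length at +28, name at +30.
        if pos + 30 <= len(payload):
            name_len, _extra_len = struct.unpack_from("<HH", payload, pos + 26)
            names.append(payload[pos + 30:pos + 30 + name_len].decode("utf-8", "replace"))
        pos = payload.find(LOCAL_FILE_HEADER, pos + 4)
    return names


def detect_zipped_password_file(request: bytes) -> list[str]:
    """Flag an outbound POST whose body carries a zip entry named passwords.txt (any case)."""
    if not request.startswith(b"POST "):
        return []
    _head, _sep, body = request.partition(b"\r\n\r\n")
    return [
        name for name in zip_entry_names(body)
        if name.lower().rsplit("/", 1)[-1] == FLAGGED_NAME
    ]


if __name__ == "__main__":
    # Constructed exfiltration payload with the kind of file names a stealer bundles.
    req = build_stealer_post({"Passwords.txt": b"site|user|pass\n", "information.txt": b"OS: ...\n"})
    print(detect_zipped_password_file(req))
```

Scanning for local file headers rather than unpacking the archive mirrors what a packet-level rule can do: the entry names sit uncompressed in the stream even though the file contents are deflated, so a single content match on the filename is enough and no archive parsing is needed on the wire.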
Vidar Stealer
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check.
Deletes itself
Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.
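Each of the behavioural signatures above reduces to a registry or process-creation pattern. The following is an added example, not the sandbox's own signature code and not data from this report: it runs simplified versions of the three non-family signatures over a constructed trace of registry and process events. The GeoID value under Control Panel\International\Geo\Nation as the key behind "Checks computer location settings", and a cmd.exe del of the sample's own path as the self-deletion pattern, are assumptions about what the sandbox matches; the event trace and the sample path are constructed.

```python
import re
from dataclasses import dataclass


@dataclass
class Event:
    pid: int
    image: str        # image path of the process that produced the event
    operation: str    # "RegOpenKey", "RegQueryValue" or "ProcessCreate"
    detail: str       # registry path, or the child command line for ProcessCreate


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"   # hypothetical sample path

# Constructed trace in the shape of a sandbox behavioural log; not data from the report.
EVENTS = [
    Event(1234, SAMPLE, "RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    Event(1234, SAMPLE, "RegOpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event(1234, SAMPLE, "RegOpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    Event(1234, SAMPLE, "RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"),
    Event(1234, SAMPLE, "RegOpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"),
    Event(1234, SAMPLE, "RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName"),
    Event(1234, SAMPLE, "ProcessCreate", r'C:\Windows\System32\cmd.exe /c timeout /t 3 & del "' + SAMPLE + '"'),
]

# Assumption: the location check is keyed on the user's GeoID value.
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
# Entries directly under the Uninstall key, e.g. ...\Uninstall\7-Zip[\...]
UNINSTALL_ENTRY = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)", re.IGNORECASE)


def checks_location_settings(events: list[Event]) -> bool:
    """Any registry access to the GeoID value counts as a location check."""
    return any(e.operation.startswith("Reg") and GEO_NATION.search(e.detail) for e in events)


def installed_software_enumerated(events: list[Event]) -> list[str]:
    """Distinct Uninstall subkeys touched; several of them is an inventory, not a single lookup."""
    names = set()
    for e in events:
        if e.operation.startswith("Reg"):
            m = UNINSTALL_ENTRY.search(e.detail)
            if m:
                names.add(m.group(1))
    return sorted(names)


def deletes_itself(events: list[Event]) -> bool:
    """cmd.exe spawned with a del that targets the spawning process's own image (assumed pattern)."""
    for e in events:
        if e.operation != "ProcessCreate":
            continue
        cmd = e.detail.lower()
        if "cmd.exe" in cmd and re.search(r"\bdel\b", cmd) and e.image.lower() in cmd:
            return True
    return False


def evaluate(events: list[Event], min_uninstall_entries: int = 2) -> dict[str, str]:
    """Map each triggered signature name to a short reason, using the report's signature names."""
    hits = {}
    if checks_location_settings(events):
        hits["Checks computer location settings"] = "Looks up country code configured in the registry, likely geofence."
    if deletes_itself(events):
        hits["Deletes itself"] = "Spawns cmd.exe to delete its own executable."
    sw = installed_software_enumerated(events)
    if len(sw) >= min_uninstall_entries:
        hits["Checks installed software on the system"] = "Looks up Uninstall key entries: " + ", ".join(sw)
    return hits


if __name__ == "__main__":
    for name, why in evaluate(EVENTS).items():
        print(f"{name}: {why}")
```

The threshold on distinct Uninstall entries is the one knob worth tuning: a single DisplayName read is routine for installers and updaters, whereas walking many subkeys in one process is the software-inventory behaviour a stealer exhibits before it bundles the result into its upload.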