General

Target: eufive_20220223-025148
Size: 663KB
Sample: 220223-lgl37sbaal
MD5: b6db195f995eaa865d52ff8a8480454e
SHA1: 22f725b3fb4a498aa731c588cb061f820e5fc2c1
SHA256: 3254164aadb07de0f4581d621e6c33accf87370c7f44bbed2bf10f8df2f15282
SHA512: facc5ada05ed2c5a28a093db74d97a5ca859b45fe14c20a9215830a8e119e756690c95c17bfc29b33a28708346974fb572c2e17862b18595fd166457c08a9918
Static task: static1
Behavioral task: behavioral1
Sample: eufive_20220223-025148.exe
Resource: win7-en-20211208
Malware Config

Extracted: vidar
Version: 50.3
profile_id: 565
C2 (profile URLs): https://mastodon.social/@kill5rnax
C2 (profile URLs): https://noc.social/@kill6nix
Targets

Target: eufive_20220223-025148
Size: 663KB
MD5, SHA1, SHA256, SHA512: identical to the hashes listed under General above
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
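The six Suricata alerts above are the network-side evidence that the stealer reached its upload stage. The following Python triage script is an added example, not part of the sandbox report: it parses Suricata EVE JSON, keeps only alerts whose signature name is one of the six listed, groups them by source host, records the destination endpoints and notes whether any of them fired on an outbound HTTP POST, which is the point at which the zipped credential archive has already left the machine. The eve.json records are constructed (addresses from documentation ranges, one deliberately truncated line), and the record layout is assumed to follow Suricata's standard EVE alert output.

```python
"""Group Suricata EVE JSON alerts for the Vidar stealer signatures by source host.

Added example; not part of the sandbox report. All input below is constructed.
"""
import json
from collections import defaultdict

# Signature names exactly as the sandbox reported them for this sample.
VIDAR_SIGNATURES = frozenset({
    "ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)",
    "ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2",
    "ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2",
    "ET MALWARE Vidar/Arkei Stealer Client Data Upload",
    "ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil",
    "ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern",
})


def _alert(src, dst, signature, http=None):
    """Build one constructed EVE alert record (assumed standard Suricata EVE layout)."""
    rec = {"timestamp": "2022-02-23T02:51:48.000000+0000", "event_type": "alert",
           "src_ip": src, "src_port": 49711, "dest_ip": dst, "dest_port": 80, "proto": "TCP",
           "alert": {"signature": signature, "category": "A Network Trojan was detected",
                     "severity": 1}}
    if http:
        rec["http"] = http
    return json.dumps(rec)


# Constructed eve.json excerpt: two stealer alerts on a POST from one host, one stealer alert
# without HTTP metadata, one unrelated alert from another host, one non-alert event, and one
# line truncated mid-write (common at the tail of a live log).
SAMPLE_EVE = "\n".join([
    _alert("10.0.0.5", "203.0.113.10",
           "ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern",
           {"hostname": "203.0.113.10", "http_method": "POST", "url": "/"}),
    _alert("10.0.0.5", "203.0.113.10",
           "ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)",
           {"hostname": "203.0.113.10", "http_method": "POST", "url": "/"}),
    _alert("10.0.0.5", "203.0.113.10", "ET MALWARE Vidar/Arkei Stealer Client Data Upload"),
    _alert("10.0.0.7", "198.51.100.20", "CONSTRUCTED Unrelated Alert For Testing"),
    json.dumps({"event_type": "http", "src_ip": "10.0.0.5", "dest_ip": "203.0.113.10"}),
    '{"event_type": "alert", "src_ip": "10.0.0.9", "alert": {"signa',
])


def parse_eve(text):
    """Return the parsed EVE records in text, skipping blank and malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # truncated or corrupt line: skip rather than abort the whole triage
    return records


def triage(records):
    """Map each source host with stealer alerts to its signatures, endpoints and POST status.

    Returns {src_ip: {"signatures": [...], "endpoints": ["ip:port", ...], "posted_data": bool}}.
    posted_data is True when at least one matching alert carries HTTP metadata for an
    outbound POST, i.e. the stolen archive was observed leaving the host.
    """
    found = defaultdict(lambda: {"signatures": set(), "endpoints": set(), "posted_data": False})
    for rec in records:
        if rec.get("event_type") != "alert":
            continue
        sig = rec.get("alert", {}).get("signature", "")
        if sig not in VIDAR_SIGNATURES:
            continue
        host = found[rec.get("src_ip", "unknown")]
        host["signatures"].add(sig)
        host["endpoints"].add(f'{rec.get("dest_ip", "?")}:{rec.get("dest_port", "?")}')
        if rec.get("http", {}).get("http_method") == "POST":
            host["posted_data"] = True
    return {ip: {"signatures": sorted(v["signatures"]), "endpoints": sorted(v["endpoints"]),
                 "posted_data": v["posted_data"]} for ip, v in found.items()}


def exfil_endpoints(findings):
    """Sorted list of every destination that received a stealer upload, for blocking."""
    return sorted({ep for info in findings.values() for ep in info["endpoints"]})


if __name__ == "__main__":
    result = triage(parse_eve(SAMPLE_EVE))
    for ip, info in result.items():
        state = "POST exfil observed" if info["posted_data"] else "stealer alert only"
        print(ip, state, info["endpoints"], len(info["signatures"]), "signatures")
    print("block:", exfil_endpoints(result))
```

Against a real log, call `triage(parse_eve(open("/var/log/suricata/eve.json").read()))`. The endpoints returned are the POST destinations, which is what to block; the two profile URLs in the Malware Config are where Vidar reads its upload server from, so the social-media domains themselves are a poor block target and a better hunting pivot (requests for those exact profile paths).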
- Vidar Stealer
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.