General
-
Target
00d6f31d90383a9476740df502edfc98b5487307b171f3b5ea3aa2f24770a653
-
Size
612KB
-
Sample
220228-wkvvmagccr
-
MD5
73436d25c84169541b65e0918915e9b1
-
SHA1
172ff84dcf78e107491b41571633706f2769fc89
-
SHA256
00d6f31d90383a9476740df502edfc98b5487307b171f3b5ea3aa2f24770a653
-
SHA512
1cdada9ebc78d35c9a3abd46c822ba99a069388130c3d9e120d87d757991bc6b23222a920e5bb7695190bbed2a7c3855b71b4f7b21aaf7a3101a30c46433adcb
Static task
static1
Malware Config
Extracted
vidar
50.4
565
https://mastodon.online/@samsa11
https://koyu.space/@samsa2l
-
profile_id
565
Targets
-
-
Target
00d6f31d90383a9476740df502edfc98b5487307b171f3b5ea3aa2f24770a653
-
Size
612KB
-
MD5
73436d25c84169541b65e0918915e9b1
-
SHA1
172ff84dcf78e107491b41571633706f2769fc89
-
SHA256
00d6f31d90383a9476740df502edfc98b5487307b171f3b5ea3aa2f24770a653
-
SHA512
1cdada9ebc78d35c9a3abd46c822ba99a069388130c3d9e120d87d757991bc6b23222a920e5bb7695190bbed2a7c3855b71b4f7b21aaf7a3101a30c46433adcb
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-