General
- Target: 2335b8319552c730f82387c7863ca05a.exe
- Size: 612KB
- Sample: 220301-jfayfaadeq
- MD5: 2335b8319552c730f82387c7863ca05a
- SHA1: ed19f55576184707091b1d54340d2a33f360a193
- SHA256: a857b02662fd0cc423a8dc4213dca0167ff87f303190bf329213a1d9ee246069
- SHA512: 7ca5fbc12d6ced98770d13326095c7671aa419f750662c47cd2e9a83052acff2d6aecf4b30cc593220813e93b7a66946efdc889af2e34c4d0d77c29f835896fc
Static task: static1
Behavioral task: behavioral1
- Sample: 2335b8319552c730f82387c7863ca05a.exe
- Resource: win7-en-20211208
Malware Config (Extracted)
- Family: vidar
- Version: 50.3
- Botnet: 1002
- C2: https://mastodon.social/@kill5rnax
- C2: https://noc.social/@kill6nix
- profile_id: 1002
Targets
- Target: 2335b8319552c730f82387c7863ca05a.exe (612KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Suricata alerts
- ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
- ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
- ET MALWARE Vidar/Arkei Stealer Client Data Upload
- ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
Signatures
- Vidar Stealer
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.