General
-
Target
e46ffbc8a86c14827324c36f26ef2fd865027135b0d985161d9b81845ab33b73
-
Size
626KB
-
Sample
220310-wh7reacgbn
-
MD5
e6b717637bc29d8a1e92bb6b9d580516
-
SHA1
214ceabc12361e04da5874d6a56e1a7b9f5edd03
-
SHA256
e46ffbc8a86c14827324c36f26ef2fd865027135b0d985161d9b81845ab33b73
-
SHA512
08cd99b59746488e2512f672e82b8e64f7ab0ea2608449ddabdd7eaf654eb7bc8f8ff8531b96ca5ed192be5787da4f426440e561ad67efa6bfcb84db54053280
Static task
static1
Malware Config
Extracted
vidar
50.6
565
https://mas.to/@s4msalo
https://koyu.space/@samsa2l
-
profile_id
565
Targets
-
-
Target
e46ffbc8a86c14827324c36f26ef2fd865027135b0d985161d9b81845ab33b73
-
Size
626KB
-
MD5
e6b717637bc29d8a1e92bb6b9d580516
-
SHA1
214ceabc12361e04da5874d6a56e1a7b9f5edd03
-
SHA256
e46ffbc8a86c14827324c36f26ef2fd865027135b0d985161d9b81845ab33b73
-
SHA512
08cd99b59746488e2512f672e82b8e64f7ab0ea2608449ddabdd7eaf654eb7bc8f8ff8531b96ca5ed192be5787da4f426440e561ad67efa6bfcb84db54053280
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-