General
-
Target
8860ea573d5feae4a267aaa8cb8bf8c47f9c2c50e18ab3fc73d785afc89516cc
-
Size
661KB
-
Sample
220311-sj14gadadl
-
MD5
b8fb898ec2cab9c10329175a89ca4a79
-
SHA1
b51d1d227b347e7230732175165af6a8357579c4
-
SHA256
8860ea573d5feae4a267aaa8cb8bf8c47f9c2c50e18ab3fc73d785afc89516cc
-
SHA512
b0d00ee5d9297e8690fbb8566f8f3c0e47cd04534ea50aacabdbfef3cfb09c853a78db2a8ba06125f5416265cb8b2f5d1585109e950e66fd0b71ba2310789f1d
Static task
static1
Malware Config
Extracted
vidar
50.7
565
https://ruhr.social/@sam9al
https://koyu.space/@samsa2l
-
profile_id
565
Targets
-
-
Target
8860ea573d5feae4a267aaa8cb8bf8c47f9c2c50e18ab3fc73d785afc89516cc
-
Size
661KB
-
MD5
b8fb898ec2cab9c10329175a89ca4a79
-
SHA1
b51d1d227b347e7230732175165af6a8357579c4
-
SHA256
8860ea573d5feae4a267aaa8cb8bf8c47f9c2c50e18ab3fc73d785afc89516cc
-
SHA512
b0d00ee5d9297e8690fbb8566f8f3c0e47cd04534ea50aacabdbfef3cfb09c853a78db2a8ba06125f5416265cb8b2f5d1585109e950e66fd0b71ba2310789f1d
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-