General
- Target: 36e878979142564fabe92a87322ec15148da06253cd3d210871d11f859d13758
- Size: 2.6MB
- Sample: 220320-bv9fjsebfr
- MD5: 79c8e69402e047f1eea2be4bf214d67a
- SHA1: f5ef9b27be43173ca4caef53b5c6c0a87a3a29b7
- SHA256: 36e878979142564fabe92a87322ec15148da06253cd3d210871d11f859d13758
- SHA512: b866367d6af189037cc464aa8e5b221613d7726369c2a37893a1ea51a3e75c5865a128c49470f74732936216c9263dbcf22a18b0698ba1ec42be7c65f37da435
- Static task: static1
- Behavioral task: behavioral1
- Sample: 36e878979142564fabe92a87322ec15148da06253cd3d210871d11f859d13758.exe
- Resource: win7-20220311-en
Malware Config
- Extracted: vidar
- 35.7
- 781
- http://atrainshop.com/
- profile_id: 781
Targets
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Vidar Stealer
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger