General
-
Target
698e881cd6b7c58a237dd010c8bfbf147440d8c1ab0c1d5cb6695389ccb9e174
-
Size
406KB
-
Sample
220427-wllncafgf9
-
MD5
59aa888ef54ea6231da6a76e7c6dd1d8
-
SHA1
9ad583e29917ac7e1011d03ac075d779226f03a9
-
SHA256
698e881cd6b7c58a237dd010c8bfbf147440d8c1ab0c1d5cb6695389ccb9e174
-
SHA512
bae41f224ce42359cddcc4495b8616d887b24bc4742b2d95f71f432aa131d88a531c572be27bf09eb4f047655c768707197568059ab9008048f5a4450c562ebd
Static task
static1
Behavioral task
behavioral1
Sample
698e881cd6b7c58a237dd010c8bfbf147440d8c1ab0c1d5cb6695389ccb9e174.exe
Resource
win7-20220414-en
Malware Config
Extracted
vidar
33.9
706
http://c3piofactory.com/
-
profile_id
706
Targets
-
-
Target
698e881cd6b7c58a237dd010c8bfbf147440d8c1ab0c1d5cb6695389ccb9e174
-
Size
406KB
-
MD5
59aa888ef54ea6231da6a76e7c6dd1d8
-
SHA1
9ad583e29917ac7e1011d03ac075d779226f03a9
-
SHA256
698e881cd6b7c58a237dd010c8bfbf147440d8c1ab0c1d5cb6695389ccb9e174
-
SHA512
bae41f224ce42359cddcc4495b8616d887b24bc4742b2d95f71f432aa131d88a531c572be27bf09eb4f047655c768707197568059ab9008048f5a4450c562ebd
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-