General
-
Target
d853365720fcc3a7fdb96235734fd69d09180f640f74d9f8c1961598bcc1f68a
-
Size
570KB
-
Sample
220502-cas4hahdf3
-
MD5
6d7ee9b77de7229f7e6a8fd4c97bc589
-
SHA1
68981740e0e5a5b60c6d771c4dc624141cd51b19
-
SHA256
d853365720fcc3a7fdb96235734fd69d09180f640f74d9f8c1961598bcc1f68a
-
SHA512
07b6a214bb986aa5846051012dc8cdb615cadbd651b5203a227f81966679c8b0c7d4e309da63c6162ead8be26aa98e3940499220e3ad1c9a3e741af83135d482
Static task
static1
Behavioral task
behavioral1
Sample
d853365720fcc3a7fdb96235734fd69d09180f640f74d9f8c1961598bcc1f68a.exe
Resource
win7-20220414-en
Malware Config
Extracted
vidar
32.8
706
http://flowerfarm.co.ug/
-
profile_id
706
Targets
-
-
Target
d853365720fcc3a7fdb96235734fd69d09180f640f74d9f8c1961598bcc1f68a
-
Size
570KB
-
MD5
6d7ee9b77de7229f7e6a8fd4c97bc589
-
SHA1
68981740e0e5a5b60c6d771c4dc624141cd51b19
-
SHA256
d853365720fcc3a7fdb96235734fd69d09180f640f74d9f8c1961598bcc1f68a
-
SHA512
07b6a214bb986aa5846051012dc8cdb615cadbd651b5203a227f81966679c8b0c7d4e309da63c6162ead8be26aa98e3940499220e3ad1c9a3e741af83135d482
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-