General
Target: 1E9311C594D49FEBA530C3CE815DFD2D - Kopie
Size: 24KB
Sample: 220506-f4641acaan
MD5: 24cd5c386318545b5e0521a45914fb48
SHA1: f9845e0afcb7a33f82f708c15275e9c3b3ef5314
SHA256: bf9bf6b10b3958738af06e9384ae99067250e2a49f50823361724086af0ab933
SHA512: 40ee8f842aa557b8ed9d789dccdc64858f21abd2747a0f9e31646e4fe8b5edd9e9660df4e6bb1b3b033ce75b06700d851478c973d69044472617163e8a04f0b7
Static task: static1
Behavioral task: behavioral1
Sample: 1E9311C594D49FEBA530C3CE815DFD2D - Kopie.exe
Resource: win7-20220414-en
Malware Config
Extracted: arkei (Default)
Targets
- suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.