General

Target: a4779cfb9d1fc473cfc608dc31c44646d1c9cc9d00ac7c83217b2f5fbe4e6536
Size: 417KB
Sample: 220508-gkp7tagfb8
MD5: 216a259608251383e3af4481a42a4396
SHA1: dab53e4b3429fe66f073ece938c38270398f18fc
SHA256: a4779cfb9d1fc473cfc608dc31c44646d1c9cc9d00ac7c83217b2f5fbe4e6536
SHA512: e307d363f84cb551fdae1a8527a952292b127aba1f65ae2bb743d676a6377c3ac7280e2d8b609cee7283c5d9a2880f49c1861800243e0b999ca9f138ebd32c1d
Static task: static1
Behavioral task: behavioral1
Sample: a4779cfb9d1fc473cfc608dc31c44646d1c9cc9d00ac7c83217b2f5fbe4e6536.exe
Resource: win7-20220414-en
Malware Config

Extracted
Family: vidar
Version: 32.5
Botnet: 706
C2: http://freedomainsdesign.com/
profile_id: 706
Targets

Target: a4779cfb9d1fc473cfc608dc31c44646d1c9cc9d00ac7c83217b2f5fbe4e6536
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
Vidar Stealer

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.