General
-
Target
9451a9fb9fb23f81beaecbaad8e174b8.exe
-
Size
159KB
-
Sample
220508-h2m98adfal
-
MD5
9451a9fb9fb23f81beaecbaad8e174b8
-
SHA1
ebde6475ca62c6f1eb909eded69e108e3ada83fa
-
SHA256
27223530f9da259a9f2318b525399a30f5656ca4d2951d76af8039484d8f3e74
-
SHA512
b631fd9600d2eaa01cd7aafc128084da23e0cbd2a8899c9bc31a950899134479ca6f0139211fe134da89de8520706a22ac68393bdf5f0ef3d99710a70ed11cd4
Static task
static1
Behavioral task
behavioral1
Sample
9451a9fb9fb23f81beaecbaad8e174b8.exe
Resource
win7-20220414-en
Malware Config
Extracted
arkei
Default
Targets
-
-
Target
9451a9fb9fb23f81beaecbaad8e174b8.exe
-
Size
159KB
-
MD5
9451a9fb9fb23f81beaecbaad8e174b8
-
SHA1
ebde6475ca62c6f1eb909eded69e108e3ada83fa
-
SHA256
27223530f9da259a9f2318b525399a30f5656ca4d2951d76af8039484d8f3e74
-
SHA512
b631fd9600d2eaa01cd7aafc128084da23e0cbd2a8899c9bc31a950899134479ca6f0139211fe134da89de8520706a22ac68393bdf5f0ef3d99710a70ed11cd4
-
suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-