General
Target: build.exe
Size: 301KB
Sample: 220510-gcc8aafah2
MD5: a28dd9f9e5e5b9cd4ed4678f272ae95b
SHA1: 8baf92898954d076879daf50bcd2b895ecd15f83
SHA256: 503f345095e5aa479b922a79aa479394a7ecedc9eba9d396a2a82c4649a479d1
SHA512: a20b9661804f8b787434d70c7beccddef9a013bd76cab31f94e7da1162b8ed764e195d626e3ae7522e5f4581c169cd34ae190eb60f2b370859d2994f5ab7e310
Behavioral task: behavioral1
Sample: build.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: vidar
Version: 52
Botnet: 1332
C2: https://t.me/hollandracing
C2: https://busshi.moe/@ronxik321
profile_id: 1332
Targets
Target: build.exe
suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.