General
-
Target
tmp
-
Size
377KB
-
Sample
220512-fnk7laaee3
-
MD5
3f731ba712e3a286bf832c4c0a20c6c0
-
SHA1
1a70ef68a6d1b7a7a8d3db6a19ce996ca19d4bf2
-
SHA256
36bccef36152628ba35e82a3bb798086f1b46118f9085834029f17a494c2c8df
-
SHA512
f7be97a3ac7ad8fe6be0f70863f25d53a1d4e4ff12fd289358ff448a598507cbf784bfe3f23f03a014756cf31f237fd705374c3eeb1af7fc2a479433249f636d
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220414-en
Malware Config
Extracted
vidar
52.1
1364
https://t.me/verstappenf1r
https://climatejustice.social/@ronxik312
-
profile_id
1364
Targets
-
-
Target
tmp
-
Size
377KB
-
MD5
3f731ba712e3a286bf832c4c0a20c6c0
-
SHA1
1a70ef68a6d1b7a7a8d3db6a19ce996ca19d4bf2
-
SHA256
36bccef36152628ba35e82a3bb798086f1b46118f9085834029f17a494c2c8df
-
SHA512
f7be97a3ac7ad8fe6be0f70863f25d53a1d4e4ff12fd289358ff448a598507cbf784bfe3f23f03a014756cf31f237fd705374c3eeb1af7fc2a479433249f636d
-
suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
-
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
-
Vidar Stealer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-