General
Target: e0878ef2edfdccfa31a2a800b40bc1f246042a734969e7fb62aea39eabaf8bff
Size: 1.1MB
Sample: 220520-3xg8mahff3
MD5: 46248d659afbc97eaf5b82af64743c7f
SHA1: 0b1e11384248bbca55d2d3cc642ae3ce24af68d0
SHA256: e0878ef2edfdccfa31a2a800b40bc1f246042a734969e7fb62aea39eabaf8bff
SHA512: 7a84cfe3e88391ab1da0efd628cc6f25183a45ea2a504b3c4b80ef82da49d4663201eb682c60d7879e51ff385cd5dbe8dc4768577643ca2c450510870d1c92b5
Static task: static1
Behavioral task: behavioral1
Sample: e0878ef2edfdccfa31a2a800b40bc1f246042a734969e7fb62aea39eabaf8bff.exe
Resource: win7-20220414-en
Malware Config
Extracted: vidar
16.5
237
http://gakserol.site/
profile_id: 237
Targets
Target: e0878ef2edfdccfa31a2a800b40bc1f246042a734969e7fb62aea39eabaf8bff
Size: 1.1MB
MD5, SHA1, SHA256 and SHA512: as listed under General above
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
Vidar Stealer
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext