General
- Target: 0ce45db58b6f12dc8cfc4d9d94e0ed8f596a9175a804b24817f8b8f24d1ea72e
- Size: 1.0MB
- Sample: 220520-d1n3xaaecl
- MD5: b25319df966068115875420ca1a82d57
- SHA1: 1217ee3c65cab20a161fcb799f376d1f4be71938
- SHA256: 0ce45db58b6f12dc8cfc4d9d94e0ed8f596a9175a804b24817f8b8f24d1ea72e
- SHA512: cdfa6f84a8ba6877bddad680c377a73492d00e94816c2d1a484fe6d3c3a48c285c1c5bad1c5e6045bf3f2782ab5ba859133ce8aa746f56c0e4aa95f99bc7dcc7
Static task
- static1
Behavioral task
- behavioral1
- Sample: 0ce45db58b6f12dc8cfc4d9d94e0ed8f596a9175a804b24817f8b8f24d1ea72e.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- vidar
- 16
- 83
- http://crarepo.com/
- profile_id: 83
Targets
- Target: 0ce45db58b6f12dc8cfc4d9d94e0ed8f596a9175a804b24817f8b8f24d1ea72e
- Size: 1.0MB
- MD5: b25319df966068115875420ca1a82d57
- SHA1: 1217ee3c65cab20a161fcb799f376d1f4be71938
- SHA256: 0ce45db58b6f12dc8cfc4d9d94e0ed8f596a9175a804b24817f8b8f24d1ea72e
- SHA512: cdfa6f84a8ba6877bddad680c377a73492d00e94816c2d1a484fe6d3c3a48c285c1c5bad1c5e6045bf3f2782ab5ba859133ce8aa746f56c0e4aa95f99bc7dcc7
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Vidar Stealer
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext