General
-
Target
7631db7895c9e909932dc8d1a925c7c0dc2c15ef383ac13a0321564ff1d33a3e
-
Size
616KB
-
Sample
220520-d1pz7saecm
-
MD5
c41cf853ad0947ea32e46c8893c5adc1
-
SHA1
2e97e5d1516faa496a1d8dcdb0f62839aa59318d
-
SHA256
7631db7895c9e909932dc8d1a925c7c0dc2c15ef383ac13a0321564ff1d33a3e
-
SHA512
559beca7e734ef806dfe05c2fa3e0d3a3dcc0b2af452aa39b2afbfa416f86892b166b02f41b39c0581b47511ceed8df17aae6858172087b4c2d4af28ff049c37
Static task
static1
Behavioral task
behavioral1
Sample
7631db7895c9e909932dc8d1a925c7c0dc2c15ef383ac13a0321564ff1d33a3e.exe
Resource
win7-20220414-en
Malware Config
Extracted
vidar
8.1
231
http://oldspicebest.com/
-
profile_id
231
Targets
-
-
Target
7631db7895c9e909932dc8d1a925c7c0dc2c15ef383ac13a0321564ff1d33a3e
-
Size
616KB
-
MD5
c41cf853ad0947ea32e46c8893c5adc1
-
SHA1
2e97e5d1516faa496a1d8dcdb0f62839aa59318d
-
SHA256
7631db7895c9e909932dc8d1a925c7c0dc2c15ef383ac13a0321564ff1d33a3e
-
SHA512
559beca7e734ef806dfe05c2fa3e0d3a3dcc0b2af452aa39b2afbfa416f86892b166b02f41b39c0581b47511ceed8df17aae6858172087b4c2d4af28ff049c37
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-