General
- Target: 64fbd49f6c58bb38c5d55d3644f78f55163caa81b8a56dcf15486c5bda6a2f5c
- Size: 542KB
- Sample: 220520-fca79adccl
- MD5: 293e517ba368609f2fd93e705dbc2bf2
- SHA1: 89b03ee0010418257e6c9a2fd11a69de2d3c6f11
- SHA256: 64fbd49f6c58bb38c5d55d3644f78f55163caa81b8a56dcf15486c5bda6a2f5c
- SHA512: e1932ff365569a0b0e368d7dcf0c46c30cf0db6e0956f5aca97d3d511cd1a7b7459eee98c6220fcff6d1970b3189565277a3c1dbaf22f8f3b198c0bcdcdeb719
Static task: static1
Behavioral task: behavioral1
- Sample: 64fbd49f6c58bb38c5d55d3644f78f55163caa81b8a56dcf15486c5bda6a2f5c.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Family: vidar
- Version: 29.8
- Botnet ID: 517
- C2: http://sastabiak.com/
- profile_id: 517
Targets
- Target: 64fbd49f6c58bb38c5d55d3644f78f55163caa81b8a56dcf15486c5bda6a2f5c
- Size: 542KB
- MD5: 293e517ba368609f2fd93e705dbc2bf2
- SHA1: 89b03ee0010418257e6c9a2fd11a69de2d3c6f11
- SHA256: 64fbd49f6c58bb38c5d55d3644f78f55163caa81b8a56dcf15486c5bda6a2f5c
- SHA512: e1932ff365569a0b0e368d7dcf0c46c30cf0db6e0956f5aca97d3d511cd1a7b7459eee98c6220fcff6d1970b3189565277a3c1dbaf22f8f3b198c0bcdcdeb719
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Vidar Stealer
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.