General
-
Target
95e06ba40b488f32ad91310e2ced318422d3c6bd8e1afb87fbaeb5d2e9c49c50
-
Size
454KB
-
Sample
220520-fccq3sdccn
-
MD5
85dc3ceb559451d55fdd33eb45f4cf78
-
SHA1
7141181c7aea99ba06dde4d0a62305d82fd20d78
-
SHA256
95e06ba40b488f32ad91310e2ced318422d3c6bd8e1afb87fbaeb5d2e9c49c50
-
SHA512
6f87055d3ba99c12c0082a696553d8a78ebfc8f2ce45c6a9779fb14dace263c5ac32cc1fc5ce504d97c3d92a1079c2d506318c5be971c83876efdbb3868aaba6
Static task
static1
Behavioral task
behavioral1
Sample
95e06ba40b488f32ad91310e2ced318422d3c6bd8e1afb87fbaeb5d2e9c49c50.exe
Resource
win7-20220414-en
Malware Config
Extracted
vidar
29.4
517
http://wileyhollers.com/
-
profile_id
517
Targets
-
-
Target
95e06ba40b488f32ad91310e2ced318422d3c6bd8e1afb87fbaeb5d2e9c49c50
-
Size
454KB
-
MD5
85dc3ceb559451d55fdd33eb45f4cf78
-
SHA1
7141181c7aea99ba06dde4d0a62305d82fd20d78
-
SHA256
95e06ba40b488f32ad91310e2ced318422d3c6bd8e1afb87fbaeb5d2e9c49c50
-
SHA512
6f87055d3ba99c12c0082a696553d8a78ebfc8f2ce45c6a9779fb14dace263c5ac32cc1fc5ce504d97c3d92a1079c2d506318c5be971c83876efdbb3868aaba6
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-