General
- Target: bc9d356f8d08396d620d249b8f34a664c9397467b1a6033013c788df734f8bda
- Size: 501KB
- Sample: 220520-gl4ftschc4
- MD5: 15da97ee7d404ff8d7c3b2b0cb8329ca
- SHA1: 2e3a61cda59a5b9ef8b22932eb369d1d7836ef70
- SHA256: bc9d356f8d08396d620d249b8f34a664c9397467b1a6033013c788df734f8bda
- SHA512: 22cd806a68a6ebd135cbc3a0617e21b79747c9f3a3c8cf174c14c74e2cccf0f4bfa4f0ef414d3814c9f4b29e44b2875cee5b2f842ee77a6b72d641501095bd0c
Static task: static1
Behavioral task: behavioral1
- Sample: bc9d356f8d08396d620d249b8f34a664c9397467b1a6033013c788df734f8bda.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- vidar
- 29.7
- 517
- http://shashlyndos.com/
- profile_id: 517
Targets
- Target: bc9d356f8d08396d620d249b8f34a664c9397467b1a6033013c788df734f8bda (501KB; same file and hashes as listed under General)
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Vidar Stealer
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.