General
-
Target
6ac3329dda9f6d503198339c6f3f582c427f4ee7de409d5b5c2f5a87ee1f08d8
-
Size
531KB
-
Sample
220521-m6dzkadbb3
-
MD5
910747fd832b5974deb69a7403817984
-
SHA1
17a06d18d852064ac58e5ad3e755d33ad8c94a05
-
SHA256
6ac3329dda9f6d503198339c6f3f582c427f4ee7de409d5b5c2f5a87ee1f08d8
-
SHA512
974e6149b1a11056e0536d4588ac361fc7e8243524c0374e0f7159f992fd76157057c9050b50f078390b891cb0a480d1ab6d9c1df6060e9d28f4d454aabe98d1
Static task
static1
Behavioral task
behavioral1
Sample
6ac3329dda9f6d503198339c6f3f582c427f4ee7de409d5b5c2f5a87ee1f08d8.exe
Resource
win7-20220414-en
Malware Config
Extracted
vidar
30.6
517
http://swiloodex.com/
-
profile_id
517
Targets
-
Target
6ac3329dda9f6d503198339c6f3f582c427f4ee7de409d5b5c2f5a87ee1f08d8
-
Size
531KB
-
MD5
910747fd832b5974deb69a7403817984
-
SHA1
17a06d18d852064ac58e5ad3e755d33ad8c94a05
-
SHA256
6ac3329dda9f6d503198339c6f3f582c427f4ee7de409d5b5c2f5a87ee1f08d8
-
SHA512
974e6149b1a11056e0536d4588ac361fc7e8243524c0374e0f7159f992fd76157057c9050b50f078390b891cb0a480d1ab6d9c1df6060e9d28f4d454aabe98d1
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
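As an added example (not part of the sandbox report, and not code from the Vidar family or the sandbox vendor), the script below turns the two behaviours flagged above plus the extracted C2 into a small hunting check over proxy logs: it tags HTTP POSTs and other contacts to the extracted C2 host swiloodex.com, tags lookups of public external-IP echo services, and then reports clients that show both, which is a stronger signal than either alone. The log lines are constructed for the example, the log format is a made-up squid-like layout, and the list of IP-lookup hosts is an assumed watchlist rather than one taken from the report.

```python
"""Hunt for Vidar-like activity in proxy logs using the IOCs extracted above.

Added example; the config values below are copied from the report, everything
else (log format, sample lines, watchlist) is constructed for illustration.
"""
import re
from urllib.parse import urlparse

# IOCs from the report's extracted Vidar config
VIDAR_CONFIG = {
    "family": "vidar",
    "version": "30.6",
    "profile_id": "517",
    "c2": "http://swiloodex.com/",
}

# Assumed watchlist of commonly abused external-IP echo services (example only;
# the report does not say which service this sample used)
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ip-api.com", "ipinfo.io", "icanhazip.com", "ifconfig.me",
}

# Constructed proxy log lines: "<epoch> <client> <method> <url> <status> <bytes>"
SAMPLE_LOG = """\
1653120001 10.0.0.17 GET http://ip-api.com/line/ 200 31
1653120002 10.0.0.17 POST http://swiloodex.com/ 200 8472
1653120003 10.0.0.23 GET https://www.example.com/ 200 1224
1653120004 10.0.0.17 GET http://swiloodex.com/ 200 0
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})\s+(?P<bytes>\d+)$"
)


def c2_host(config=VIDAR_CONFIG):
    """Hostname of the extracted C2 URL, lower-cased for comparison."""
    return urlparse(config["c2"]).hostname.lower()


def classify(line, config=VIDAR_CONFIG):
    """Return a hit dict for a log line that matches an indicator, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # unparsable or empty line: skip rather than guess
    host = (urlparse(m["url"]).hostname or "").lower()
    tags = []
    if host == c2_host(config):
        # A POST to the C2 is the exfiltration pattern the Suricata rule keys on;
        # any other contact is still worth a tag
        tags.append("vidar_c2_post" if m["method"] == "POST" else "vidar_c2_contact")
    if host in IP_LOOKUP_HOSTS:
        tags.append("external_ip_lookup")
    if not tags:
        return None
    return {"client": m["client"], "host": host, "method": m["method"], "tags": tags}


def scan(log_text, config=VIDAR_CONFIG):
    """All indicator hits across a block of log text, in log order."""
    return [h for h in (classify(l, config) for l in log_text.splitlines()) if h]


def suspect_clients(hits):
    """Clients that both looked up their external IP and touched the C2 host."""
    by_client = {}
    for h in hits:
        by_client.setdefault(h["client"], set()).update(h["tags"])
    return sorted(
        c for c, t in by_client.items()
        if "external_ip_lookup" in t and any(tag.startswith("vidar_c2") for tag in t)
    )


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print("suspect clients:", suspect_clients(found))
```

On the constructed log this yields three hits, all from 10.0.0.17, and that client is the only one reported by `suspect_clients`; the external-IP lookup alone would be noisy on a real network, which is why the combination with the C2 host is what gets escalated.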