General
-
Target
08df48c8601f0c28b046a7cefb564d9628a5416c111488142ada2ee7bb398550
-
Size
4.3MB
-
Sample
220530-zdsy8sacd7
-
MD5
05d1f810e1e7d48d0d729ed811108d2f
-
SHA1
96650bd1c28b0fe73dee7dc0c50885310bcf8c11
-
SHA256
08df48c8601f0c28b046a7cefb564d9628a5416c111488142ada2ee7bb398550
-
SHA512
d71609dd0ce443ed3a3b138ca5375775b62f0e42c3fe660de3ad2ad1607287edce2bf9f2627392882c9ea73b6eb1490d71730bbc86a8cf2f0f7600a8a6f923d7
Static task
static1
Behavioral task
behavioral1
Sample
08df48c8601f0c28b046a7cefb564d9628a5416c111488142ada2ee7bb398550.exe
Resource
win7-20220414-en
Malware Config
Extracted
vidar
10.3
231
http://trasolevelqvines.com/
-
profile_id
231
Targets
-
Target
08df48c8601f0c28b046a7cefb564d9628a5416c111488142ada2ee7bb398550
-
Size
4.3MB
-
MD5
05d1f810e1e7d48d0d729ed811108d2f
-
SHA1
96650bd1c28b0fe73dee7dc0c50885310bcf8c11
-
SHA256
08df48c8601f0c28b046a7cefb564d9628a5416c111488142ada2ee7bb398550
-
SHA512
d71609dd0ce443ed3a3b138ca5375775b62f0e42c3fe660de3ad2ad1607287edce2bf9f2627392882c9ea73b6eb1490d71730bbc86a8cf2f0f7600a8a6f923d7
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-