General
-
Target
10084850b03a65bc94899e41680e6207ab71c6b96a7bf65f6086fbba41cc7b5c
-
Size
1004KB
-
Sample
220604-qzz51ahfd5
-
MD5
d9160e846a7dd1f58b972a5550999999
-
SHA1
e469d8d8cfb0229debf5b978c12fec6d4732d080
-
SHA256
10084850b03a65bc94899e41680e6207ab71c6b96a7bf65f6086fbba41cc7b5c
-
SHA512
f91d667a89311b035d6044e9b9e4e1f73160f8528a44ccb3f6b3a8352541339787e4e9e5f9b06b584caf4c5fbc2484a4a9d5e6fad4e9c9389d60ee6e0d2c93a8
Static task
static1
Behavioral task
behavioral1
Sample
10084850b03a65bc94899e41680e6207ab71c6b96a7bf65f6086fbba41cc7b5c.exe
Resource
win7-20220414-en
Malware Config
Extracted
vidar
16
237
http://crarepo.com/
-
profile_id
237
Targets
-
Target
10084850b03a65bc94899e41680e6207ab71c6b96a7bf65f6086fbba41cc7b5c
-
Size
1004KB
-
MD5
d9160e846a7dd1f58b972a5550999999
-
SHA1
e469d8d8cfb0229debf5b978c12fec6d4732d080
-
SHA256
10084850b03a65bc94899e41680e6207ab71c6b96a7bf65f6086fbba41cc7b5c
-
SHA512
f91d667a89311b035d6044e9b9e4e1f73160f8528a44ccb3f6b3a8352541339787e4e9e5f9b06b584caf4c5fbc2484a4a9d5e6fad4e9c9389d60ee6e0d2c93a8
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-