General
Target: 15de60e1b4e4d9a2d97f0d0c86a2f7eeab135ab1d431229d7a5141e8cde6cc47
Size: 556KB
Sample: 220609-gedltsefdr
MD5: 6fc2017a4204831df12650d640ed1650
SHA1: 07764350facc159b161e22a7109938090b545c66
SHA256: 15de60e1b4e4d9a2d97f0d0c86a2f7eeab135ab1d431229d7a5141e8cde6cc47
SHA512: a46a57ca2c3cc61500db621a5d742af5b06ab8744237d8602c707b025309846930ba076c6f18fc69cb1dba836a026620498fafbc65af1d9a184bc8adb9c2a70b
Behavioral task
behavioral1
Sample: 15de60e1b4e4d9a2d97f0d0c86a2f7eeab135ab1d431229d7a5141e8cde6cc47.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: vidar
Version: 7.2
Botnet: 237
C2: http://proshop.ac.ug/
profile_id: 237
Targets
Suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.