General
Target: cb52abdb36bedd775bf5e575f2aa4e2b54a858380f7e9066ffb732f516f33912
Size: 3.7MB
Sample: 220611-m7treadgbr
MD5: a69f1e4a9923267a2bcbebfbe2f44afd
SHA1: e5ad4661bac6d7ce06a6fb455620390913385685
SHA256: cb52abdb36bedd775bf5e575f2aa4e2b54a858380f7e9066ffb732f516f33912
SHA512: 81f0f3cec9118f8c43b3d36985149612e66b4065e327865a2ea3a2b3883f9da97d4dfd09cd717b54bc621c8a056ad11ce056eb2a543f8c30ae8dd5f43f80ceb8
Static task: static1
Malware Config
Extracted
Family: vidar
Version: 52.5
Botnet: 1125
C2 (dead-drop resolvers):
https://t.me/tg_randomacc
https://indieweb.social/@ronxik333
profile_id: 1125
Note: the two URLs are public Telegram and Mastodon profiles, not the C2 itself. Vidar fetches the profile page and parses the real C2 address out of the profile text, so the profiles are what to block or watch, and the final C2 can change without the binary changing.
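The dead-drop step described above, as an added example that is not code from the sandbox report or from the malware: given the HTML of a profile page, pull the description meta tag and list IP/URL candidates for the C2. The HTML snippets are constructed to mimic the og:description tags Telegram and Mastodon emit, with RFC 5737 test addresses in place of any real C2; the exact marker format Vidar itself looks for is not reproduced.

```python
"""Dead-drop resolver triage for the extracted Vidar config.

Added example, not code from the sandbox report or from the malware. The
two profile URLs in the config are dead drops: Vidar fetches the public
profile page and parses the real C2 out of the profile text. This script
does the analyst side of that offline: given a profile page's HTML, pull
the description text and list IP/URL candidates for the C2.

Assumptions: the HTML snippets below are CONSTRUCTED to mimic the
og:description meta tags Telegram and Mastodon emit, with RFC 5737 test
addresses in place of any real C2; the exact marker/delimiter format Vidar
itself uses is not reproduced.
"""
import re
from html.parser import HTMLParser

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


class _DescriptionCollector(HTMLParser):
    """Collect the content of og:description / description meta tags."""

    def __init__(self):
        super().__init__()
        self.descriptions = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = dict(attrs)  # attribute order differs between sites; dict() hides that
        if a.get("property") == "og:description" or a.get("name") == "description":
            if a.get("content"):
                self.descriptions.append(a["content"])  # HTMLParser already unescapes attrs


def profile_descriptions(html):
    parser = _DescriptionCollector()
    parser.feed(html)
    return parser.descriptions


def c2_candidates(text):
    """URLs first, then bare IPv4[:port] strings that are not inside a URL."""
    found = [u.rstrip(".,;)") for u in URL_RE.findall(text)]
    found += IPV4_RE.findall(URL_RE.sub(" ", text))
    unique = []
    for value in found:
        if value not in unique:
            unique.append(value)
    return unique


def resolve_dead_drop(html):
    """Candidates from every description tag on the page, in document order."""
    out = []
    for description in profile_descriptions(html):
        for candidate in c2_candidates(description):
            if candidate not in out:
                out.append(candidate)
    return out


# Constructed pages (not the real profiles). Telegram puts property first,
# Mastodon puts content first and uses single quotes.
TELEGRAM_HTML = """<html><head>
<meta property="og:title" content="tg_randomacc">
<meta property="og:description" content="hello 203.0.113.10:80 world">
</head><body></body></html>"""

MASTODON_HTML = """<html><head>
<meta content='ronxik333 | http://198.51.100.7/ | bio' property='og:description'>
<meta content='indieweb.social' property='og:site_name'>
</head><body></body></html>"""

if __name__ == "__main__":
    for name, page in (("t.me/tg_randomacc", TELEGRAM_HTML),
                       ("indieweb.social/@ronxik333", MASTODON_HTML)):
        print(name, "->", resolve_dead_drop(page))
```

Feed it the saved HTML of each profile (fetched from an analysis network, never from a production host) and compare the candidates across runs; a changed candidate with an unchanged binary is the dead-drop rotation the note above describes.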
Targets
Target: cb52abdb36bedd775bf5e575f2aa4e2b54a858380f7e9066ffb732f516f33912
suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
Both are network rules, so they fired on the sample's own traffic during the run; the first matches the C2 response carrying the stealer's configuration and keyword list, meaning the C2 was live at analysis time.
Vidar Stealer
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check (the stealer exits or limits itself on certain locales).
Loads dropped DLL: loads a library the sample itself wrote to disk; Vidar typically pulls legitimate helper DLLs (NSS/SQLite and the VC runtime) to read and decrypt browser credential stores.
Accesses cryptocurrency files/wallets: possible credential harvesting.
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
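Correlating the four behaviours above per process, as an added example that is not code from the sandbox report: each signature is noisy on its own (installers enumerate Uninstall keys, wallet apps read their own wallets), but together on one process they are a strong stealer indicator. The pid|image|event_type|target log format and the log lines are constructed; the registry keys and wallet directories matched are the author's assumptions about where such lookups normally land, not values taken from the report.

```python
"""Per-process correlation of the behaviours the sandbox flagged.

Added example, not code from the sandbox report. Each signature above
(locale lookup, dropped-DLL load, wallet-file access, Uninstall-key
enumeration) is noisy on its own: installers enumerate Uninstall keys and
wallet apps read their own wallets. Seen together on one process they are a
strong stealer indicator, so this correlates them per process over a
minimal endpoint-telemetry format.

Assumptions: the pid|image|event_type|target line format and the log lines
are CONSTRUCTED; the registry keys and wallet directories matched are the
author's choice of where such lookups normally land, not values taken from
the report.
"""

# Constructed telemetry: one event per line, pid|image|event_type|target
SAMPLE_EVENTS = """\
4412|C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe|RegQuery|HKCU\\Control Panel\\International\\LocaleName
4412|C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe|ImageLoad|C:\\ProgramData\\nss3.dll
4412|C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe|FileRead|C:\\Users\\u\\AppData\\Roaming\\Electrum\\wallets\\default_wallet
4412|C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe|RegEnum|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
4412|C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe|RegEnum|HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall
5120|C:\\Program Files\\Setup\\setup.exe|RegEnum|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
5120|C:\\Program Files\\Setup\\setup.exe|ImageLoad|C:\\Windows\\System32\\msvcp140.dll
6001|C:\\Program Files\\Electrum\\electrum.exe|FileRead|C:\\Users\\u\\AppData\\Roaming\\Electrum\\wallets\\default_wallet
"""

# Substrings compared against the lower-cased target path (assumed locations).
GEO_KEYS = ("\\control panel\\international\\", "\\control\\nls\\language")
UNINSTALL_KEY = "\\currentversion\\uninstall"
WALLET_PATHS = ("\\electrum\\wallets", "\\exodus\\", "\\ethereum\\keystore",
                "\\bitcoin\\wallet.dat", "\\monero\\", "\\atomic\\local storage")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def classify(event_type, target):
    """Map one event to a behaviour tag, or None if it is uninteresting."""
    t = target.lower()
    if event_type in ("RegQuery", "RegEnum") and any(k in t for k in GEO_KEYS):
        return "geofence_lookup"
    if event_type == "RegEnum" and UNINSTALL_KEY in t:
        return "software_enum"
    if event_type == "FileRead" and any(w in t for w in WALLET_PATHS):
        return "wallet_access"
    # A DLL loaded from a user-writable directory is the "dropped DLL" case.
    if event_type == "ImageLoad" and t.endswith(".dll") and any(d in t for d in USER_WRITABLE):
        return "dropped_dll_load"
    return None


def correlate(log_text):
    """Return {pid: {"image": str, "tags": set}} for every process in the log."""
    procs = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        pid, image, event_type, target = line.split("|", 3)
        proc = procs.setdefault(pid, {"image": image, "tags": set()})
        tag = classify(event_type, target)
        if tag:
            proc["tags"].add(tag)
    return procs


def flag_stealers(log_text, threshold=3):
    """Pids showing at least `threshold` distinct stealer behaviours."""
    return sorted(pid for pid, proc in correlate(log_text).items()
                  if len(proc["tags"]) >= threshold)


if __name__ == "__main__":
    for pid, proc in correlate(SAMPLE_EVENTS).items():
        print(pid, proc["image"], sorted(proc["tags"]))
    print("flagged:", flag_stealers(SAMPLE_EVENTS))
```

The threshold is deliberately three of four: the installer and the wallet application in the constructed log each trigger exactly one tag and stay unflagged, while the sample process trips all four, which is the combination the sandbox's signature list describes.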