General
-
Target
2679fa8e9fd0c1f6f26527d53759bb596fda43a741b4dfcc99a8c0907836a835
-
Size
556KB
-
Sample
220616-j8v43sdca3
-
MD5
8b2403119f61c4f01f8faf07a36cd064
-
SHA1
f3dfdceb12568691eb34c3729087e2d144b78dfb
-
SHA256
2679fa8e9fd0c1f6f26527d53759bb596fda43a741b4dfcc99a8c0907836a835
-
SHA512
0d5706f8b1e13c762c09d6e2a5aed2d043da368126ffa9198a1f0117b5ed6922ac96f1f6f1351836083870e765a8487c65f40e9c78c0816ff743b8f7db013ed7
Malware Config
Extracted
vidar
4.3
101
http://nasalietco.com/
-
profile_id
101
Targets
-
-
Target
2679fa8e9fd0c1f6f26527d53759bb596fda43a741b4dfcc99a8c0907836a835
-
Size
556KB
-
MD5
8b2403119f61c4f01f8faf07a36cd064
-
SHA1
f3dfdceb12568691eb34c3729087e2d144b78dfb
-
SHA256
2679fa8e9fd0c1f6f26527d53759bb596fda43a741b4dfcc99a8c0907836a835
-
SHA512
0d5706f8b1e13c762c09d6e2a5aed2d043da368126ffa9198a1f0117b5ed6922ac96f1f6f1351836083870e765a8487c65f40e9c78c0816ff743b8f7db013ed7
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar log file
Detects a log file produced by Vidar.
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-