General

Target: 331f760f2f6e906e967e9c847b4cdf2ebcd7ba1e40f1a159829eaec89df4e847
Size: 3.6MB
Sample: 220620-d7fecadcdn
MD5: be8db6a439bce7655fe2a49a7234276f
SHA1: 2d263aed2cb76c7fe79e10ecbfd5207acca2daf2
SHA256: 331f760f2f6e906e967e9c847b4cdf2ebcd7ba1e40f1a159829eaec89df4e847
SHA512: 02629a51fc05724e1b28fd8598e82b891df2f244a3acb01c3f2ed273d98738bb954ad0b92b9b9282d3262afa280fe2afb57592b2dce6ec905c3ff6c66148820d
Static task: static1
Behavioral task: behavioral1
Sample: 331f760f2f6e906e967e9c847b4cdf2ebcd7ba1e40f1a159829eaec89df4e847.exe
Resource: win7-20220414-en
Malware Config

Extracted: vidar, 9.5, 231, http://bestpolandhotels.com/
profile_id: 231
Targets

Target: 331f760f2f6e906e967e9c847b4cdf2ebcd7ba1e40f1a159829eaec89df4e847
Size: 3.6MB
MD5: be8db6a439bce7655fe2a49a7234276f
SHA1: 2d263aed2cb76c7fe79e10ecbfd5207acca2daf2
SHA256: 331f760f2f6e906e967e9c847b4cdf2ebcd7ba1e40f1a159829eaec89df4e847
SHA512: 02629a51fc05724e1b28fd8598e82b891df2f244a3acb01c3f2ed273d98738bb954ad0b92b9b9282d3262afa280fe2afb57592b2dce6ec905c3ff6c66148820d
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Vidar Stealer
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.