General
- Target: 2f2e70b2e3f475b4376ec74974c740c4fcd5529fa5d345747b2a8ea794a10a64
- Size: 1.2MB
- Sample: 220621-3ebywsegar
- MD5: 647b37e6a2b769bd27ff9bb8053010ab
- SHA1: 296900eeed954a7a2ed8122f6e4ff7ced6c9f3bb
- SHA256: 2f2e70b2e3f475b4376ec74974c740c4fcd5529fa5d345747b2a8ea794a10a64
- SHA512: 414805edd356e21afd1fdfca68f8621d3bfb9eb65ba0b873c013bbcc2625ea3e0a71a8b0a59b49fd5825734605515751dff6eed785ec283a196b1c41e5917750
Static task: static1
Behavioral task: behavioral1
- Sample: 2f2e70b2e3f475b4376ec74974c740c4fcd5529fa5d345747b2a8ea794a10a64.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Family: vidar
- Version: 16.9
- Botnet: 237
- C2: http://travelquize.com/
- profile_id: 237
Targets
Signatures
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Vidar Stealer
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext