General
- Target: 2f8f97ad74411b3a8919a4a481f1d32521fcb49ea5e54008676e61549e6b0208
- Size: 660KB
- Sample: 220621-yq42laedf6
- MD5: d5a823889ad46e52f2d68e4004cf3227
- SHA1: e94097a784f100aedb1aa459bedb8b96221554c2
- SHA256: 2f8f97ad74411b3a8919a4a481f1d32521fcb49ea5e54008676e61549e6b0208
- SHA512: 243aed2edcf26717ba0178ed2cae73a493e7826aa98c5c999b364ff5d55467b9a0c4dc408847074316f4c5e35ef8e76e124278a61f50b6fddcc8658bbf1cd3dd
- Static task: static1
- Behavioral task: behavioral1
- Sample: 2f8f97ad74411b3a8919a4a481f1d32521fcb49ea5e54008676e61549e6b0208.exe
- Resource: win7-20220414-en

Malware Config
Extracted
- vidar
- 12.3
- 499
- http://hardrocklv.org/
- profile_id: 499
Targets
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Vidar Stealer
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.