General
Target: bae68ac96c4606b69b9be3135a2794a4c0f0f04f047e3c3f4a6f53db3d2de93d
Size: 308KB
Sample (sandbox analysis ID): 220623-xkfalsheb4
MD5: c5e45a9cfa880801281c18aba23e50d4
SHA1: ea6a91fdc1a539638e456806b020a6e8bb446687
SHA256: bae68ac96c4606b69b9be3135a2794a4c0f0f04f047e3c3f4a6f53db3d2de93d
SHA512: 976bb6146a711561e21c6f59f3cf5ba93a85b637e0cbbd782640487a7000a61f61effe55c5763581f6545ff206f5f59cfee3fcdb5dbd80afe7707421bcfd48d5
Behavioral task: behavioral1
Sample: bae68ac96c4606b69b9be3135a2794a4c0f0f04f047e3c3f4a6f53db3d2de93d.exe
Resource (sandbox VM image): win7-20220414-en
Malware Config
Extracted
Family: vidar
Version: 52.7
Botnet: 1415
C2 (dead-drop profile URLs):
https://t.me/tg_superch
https://climatejustice.social/@olegf9844
profile_id: 1415
Caveat: the two URLs above are not the command server. Vidar fetches these Telegram and Mastodon profile pages and reads the operator's real C2 address out of the profile description (a dead-drop resolver), so the actual C2 host is not recorded in this config and has to be taken from the live profile or from the sample's network capture. Blocking or hunting on the two profile URLs alone therefore only catches the first stage of the beacon.
Targets
Target: bae68ac96c4606b69b9be3135a2794a4c0f0f04f047e3c3f4a6f53db3d2de93d (the same 308KB file listed under General; MD5, SHA1, SHA256 and SHA512 as above)
Signatures
suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry (the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall tree and its Wow6432Node counterpart) to enumerate installed software.
Note: the two Suricata hits are network signatures and fire on the stealer's HTTP traffic; the remaining four are host behaviours observed during the run. Registry reads are not in Sysmon's event set, so detecting the Uninstall-key enumeration on an endpoint needs Procmon, ETW registry tracing, EDR telemetry or a sandbox API trace rather than Sysmon alone.