General
Target: caec69a18e91839c1a46c79c6b55e68e14ba32ec2f2642a375870f958846fc66
Size: 706KB
Sample: 220624-2pacdafhgm
MD5: 105f94e56d5fc9fc7555aef13e0af78e
SHA1: 3bc068404a65522272c36b64cceb2adcabb04fb6
SHA256: caec69a18e91839c1a46c79c6b55e68e14ba32ec2f2642a375870f958846fc66
SHA512: 4e9136ad3b3b5b4090668ef66e455fc24e5813789a858018022398a84f018f8d7f41573933c3aecda7689926a4d61a1a1494bc5ed81805fb5848757960e777ae
Static task: static1
Behavioral task: behavioral1
Sample: caec69a18e91839c1a46c79c6b55e68e14ba32ec2f2642a375870f958846fc66.exe
Resource: win7-20220414-en
Malware Config
Extracted: vidar
12.8
288
http://dersed.com/
profile_id: 288
Targets
Target: caec69a18e91839c1a46c79c6b55e68e14ba32ec2f2642a375870f958846fc66
Size: 706KB
MD5: 105f94e56d5fc9fc7555aef13e0af78e
SHA1: 3bc068404a65522272c36b64cceb2adcabb04fb6
SHA256: caec69a18e91839c1a46c79c6b55e68e14ba32ec2f2642a375870f958846fc66
SHA512: 4e9136ad3b3b5b4090668ef66e455fc24e5813789a858018022398a84f018f8d7f41573933c3aecda7689926a4d61a1a1494bc5ed81805fb5848757960e777ae
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
Vidar Stealer
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext