General
- Target: 82b9f7efb7bb6cfaaf36c3c896eed1de16335d284644e98387bcf1de8d3fb03e
- Size: 3.6MB
- Sample: 220625-cf1ersccb6
- MD5: c464ae20094e90e895dbe78303c0ec8c
- SHA1: 53fe1166efcb75c4ed7296f1ebfb7da961bfe91c
- SHA256: 82b9f7efb7bb6cfaaf36c3c896eed1de16335d284644e98387bcf1de8d3fb03e
- SHA512: 6e8b7d19717e057ebfa33bd7de1d67d617f5154faf6368431c7c45827a0e8dbd34297f50a6b46041124983db3584606ca6c5255e3bd52937d462ff417e77b875
Static task: static1
Behavioral task: behavioral1
- Sample: 82b9f7efb7bb6cfaaf36c3c896eed1de16335d284644e98387bcf1de8d3fb03e.exe
- Resource: win7-20220414-en

Malware Config
Extracted
- Family: vidar
- Version: 10.5
- Botnet: 231
- C2: http://carambaslonekal.top/
- profile_id: 231
Targets
- Target: 82b9f7efb7bb6cfaaf36c3c896eed1de16335d284644e98387bcf1de8d3fb03e
- Size: 3.6MB
- MD5: c464ae20094e90e895dbe78303c0ec8c
- SHA1: 53fe1166efcb75c4ed7296f1ebfb7da961bfe91c
- SHA256: 82b9f7efb7bb6cfaaf36c3c896eed1de16335d284644e98387bcf1de8d3fb03e
- SHA512: 6e8b7d19717e057ebfa33bd7de1d67d617f5154faf6368431c7c45827a0e8dbd34297f50a6b46041124983db3584606ca6c5255e3bd52937d462ff417e77b875
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Vidar Stealer
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.