General
-
Target
a6c9e5b7bac981bd1da33de2934dfad66ba32916effd52ad57a77b349984119b
-
Size
4.3MB
-
Sample
220625-gx9f8abcb8
-
MD5
13f3a3c79ceee161c26f0b6b81cb27fb
-
SHA1
fa6823c3588f1b857a4b4adbcba0877be712dc5f
-
SHA256
a6c9e5b7bac981bd1da33de2934dfad66ba32916effd52ad57a77b349984119b
-
SHA512
efd0d198b6f70f41c02976f39ac9a02b207132a27903cccafb764dd99700aff5537ac75738c7d8ca7b4a37f4c3b4df3f959beef60b9b133132a72ccc55247b4c
Static task
static1
Behavioral task
behavioral1
Sample
a6c9e5b7bac981bd1da33de2934dfad66ba32916effd52ad57a77b349984119b.exe
Resource
win7-20220414-en
Malware Config
Extracted
vidar
9.9
231
http://rapidbtcinvest.com/
-
profile_id
231
Targets
-
-
Target
a6c9e5b7bac981bd1da33de2934dfad66ba32916effd52ad57a77b349984119b
-
Size
4.3MB
-
MD5
13f3a3c79ceee161c26f0b6b81cb27fb
-
SHA1
fa6823c3588f1b857a4b4adbcba0877be712dc5f
-
SHA256
a6c9e5b7bac981bd1da33de2934dfad66ba32916effd52ad57a77b349984119b
-
SHA512
efd0d198b6f70f41c02976f39ac9a02b207132a27903cccafb764dd99700aff5537ac75738c7d8ca7b4a37f4c3b4df3f959beef60b9b133132a72ccc55247b4c
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-