General
Target: 767b55ca8261ef7f264b8f6e5c89c5a6c3fa05190932e52e9a8f646c54c61856
Size: 556KB
Sample: 220625-jz73aacder
MD5: 436dd96d8cabb1e2fb5f2eb1820e7da1
SHA1: e25e2e7ee05a5ee177ebfa30bc420ab8a640c692
SHA256: 767b55ca8261ef7f264b8f6e5c89c5a6c3fa05190932e52e9a8f646c54c61856
SHA512: 695ecaac0e5d5ebb389242f21d9e0fde55383bd683aaf4b0ba39c646e99361e0ba01cc2b4dee106227f925ba25275103fae955e0222452b7c84db294616f90eb
Behavioral task: behavioral1
Sample: 767b55ca8261ef7f264b8f6e5c89c5a6c3fa05190932e52e9a8f646c54c61856.exe
Resource: win7-20220414-en

Malware Config
Extracted:
vidar
7.1
237
http://gettorrent.ac.ug/
profile_id: 237
Targets
Target: 767b55ca8261ef7f264b8f6e5c89c5a6c3fa05190932e52e9a8f646c54c61856
Size: 556KB
MD5: 436dd96d8cabb1e2fb5f2eb1820e7da1
SHA1: e25e2e7ee05a5ee177ebfa30bc420ab8a640c692
SHA256: 767b55ca8261ef7f264b8f6e5c89c5a6c3fa05190932e52e9a8f646c54c61856
SHA512: 695ecaac0e5d5ebb389242f21d9e0fde55383bd683aaf4b0ba39c646e99361e0ba01cc2b4dee106227f925ba25275103fae955e0222452b7c84db294616f90eb

suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.