General
- Target: 8f2ffeaedb4a5f5fa8cb6b2d5a366c421d0e9d19f43522d779039ded4bd7cdd5
- Size: 441KB
- Sample: 220625-kxgmzsgbe5
- MD5: bb184dc0a01803e162084a90c4df5e37
- SHA1: 4d45e556fcb9fc9ebe900a6cf45be76656ed6f22
- SHA256: 8f2ffeaedb4a5f5fa8cb6b2d5a366c421d0e9d19f43522d779039ded4bd7cdd5
- SHA512: d94a9d609bad410851fe2cc4699ec357f8d29fbba3f94563b16e85c492f9b97e528a17a3be11cba7ada58c2f601c9cb9ce4330b687126bc6df2868a2294b1a63
Static task: static1
Behavioral task: behavioral1
- Sample: 8f2ffeaedb4a5f5fa8cb6b2d5a366c421d0e9d19f43522d779039ded4bd7cdd5.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Family: vidar
- Version: 16.2
- Botnet: 533
- C2: http://voyagephoshop.org/
- profile_id: 533
Targets
- Target: 8f2ffeaedb4a5f5fa8cb6b2d5a366c421d0e9d19f43522d779039ded4bd7cdd5
- Size: 441KB
- MD5: bb184dc0a01803e162084a90c4df5e37
- SHA1: 4d45e556fcb9fc9ebe900a6cf45be76656ed6f22
- SHA256: 8f2ffeaedb4a5f5fa8cb6b2d5a366c421d0e9d19f43522d779039ded4bd7cdd5
- SHA512: d94a9d609bad410851fe2cc4699ec357f8d29fbba3f94563b16e85c492f9b97e528a17a3be11cba7ada58c2f601c9cb9ce4330b687126bc6df2868a2294b1a63
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Vidar Stealer
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.