General
Target: ad20637da178238530a18a616ecf1fb1c80c57a52bce5eddf5c370ba0c9a690a
Size: 2.5MB
Sample: 220630-w29p4shff2
MD5: 8b18d8fa4c4ac43666384fc4f6dae808
SHA1: 88f5eab1250abe436a2f1d38c8912722ed153e95
SHA256: ad20637da178238530a18a616ecf1fb1c80c57a52bce5eddf5c370ba0c9a690a
SHA512: ae86fb730a53aa0c1f83a6ded454c99588d7740c2425359ef21721c2214246e31de2ef13ffdb74b547b7e56a04db1f37e0d24580628e0e04dfd9c26fa47e389c
Static task: static1
Behavioral task: behavioral1
Sample: ad20637da178238530a18a616ecf1fb1c80c57a52bce5eddf5c370ba0c9a690a.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: vidar
Version: 35.8
Botnet: 781
C2: http://mine2021.com/
profile_id: 781
Targets
Target: ad20637da178238530a18a616ecf1fb1c80c57a52bce5eddf5c370ba0c9a690a (size and hashes as listed under General)
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Identifies VirtualBox via ACPI registry values (likely anti-VM). VirtualBox exposes its ACPI tables under HKLM\HARDWARE\ACPI with the OEM ID VBOX__, so a lookup there is a cheap hypervisor check.
- Vidar Stealer
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger. Calling NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops debug events for that thread from reaching an attached debugger, a common anti-debugging step.
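The behavioural signatures above are each a rule over sandbox events (registry reads, API calls, HTTP requests). The following is an added example, not Triage's signature engine or the sample's code: it classifies a small set of constructed events into the signatures listed on this page. The registry paths, IP-lookup hosts and the ThreadHideFromDebugger class value are well-known indicators; the specific keys and services this sample touched are not shown in the report, so the event records are illustrative, not recovered from the sandbox.

```python
"""Classify constructed sandbox events into the behavioural signatures of the report.

Added example; the EVENTS list below is constructed and does not come from
the Triage run.  Only the signature names are taken from the page.
"""
import re
from collections import defaultdict

# --- rules -------------------------------------------------------------
# VirtualBox publishes its ACPI tables with OEM ID "VBOX__"; other hypervisor
# IDs can be added to the alternation as needed.
ACPI_VM_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
# Firmware strings sandboxes rarely bother to fake.
BIOS_RE = re.compile(
    r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate|BIOS\b)",
    re.I,
)
# Enumerating Uninstall subkeys yields the installed-software list.
UNINSTALL_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I)
# Legitimate services commonly abused to learn the victim's public IP.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com", "checkip.amazonaws.com"}
# THREADINFOCLASS ThreadHideFromDebugger == 17 (0x11).
THREAD_HIDE_FROM_DEBUGGER = 0x11

SIG_ACPI = "Identifies VirtualBox via ACPI registry values"
SIG_BIOS = "Checks BIOS information in registry"
SIG_UNINSTALL = "Checks installed software on the system"
SIG_EXT_IP = "Looks up external IP address via web service"
SIG_HIDE_DBG = "Suspicious use of NtSetInformationThreadHideFromDebugger"
ANTI_ANALYSIS = {SIG_ACPI, SIG_BIOS, SIG_HIDE_DBG}

# --- constructed events (not from the report) ---------------------------
EVENTS = [
    {"type": "registry", "key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"type": "registry", "key": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"type": "registry", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "http", "method": "GET", "host": "api.ipify.org", "path": "/"},
    {"type": "api", "name": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x11}},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},  # benign
]


def match_event(ev):
    """Return the signature names a single event triggers (empty list if none)."""
    hits = []
    if ev["type"] == "registry":
        key = ev["key"]
        if ACPI_VM_RE.search(key):
            hits.append(SIG_ACPI)
        if BIOS_RE.search(key):
            hits.append(SIG_BIOS)
        if UNINSTALL_RE.search(key):
            hits.append(SIG_UNINSTALL)
    elif ev["type"] == "http" and ev.get("host", "").lower() in IP_LOOKUP_HOSTS:
        hits.append(SIG_EXT_IP)
    elif (
        ev["type"] == "api"
        and ev.get("name") == "NtSetInformationThread"
        and ev.get("args", {}).get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER
    ):
        hits.append(SIG_HIDE_DBG)
    return hits


def classify(events):
    """Map each fired signature to the indices of the events that triggered it."""
    report = defaultdict(list)
    for i, ev in enumerate(events):
        for sig in match_event(ev):
            report[sig].append(i)
    return dict(report)


def anti_analysis_count(report):
    """Number of distinct anti-VM / anti-debug signatures that fired."""
    return len(ANTI_ANALYSIS & set(report))


if __name__ == "__main__":
    result = classify(EVENTS)
    for sig, idx in result.items():
        print(f"{sig}: events {idx}")
    print(f"anti-analysis signatures: {anti_analysis_count(result)}")
```

The two anti-VM checks are kept separate on purpose: a BIOS-string read alone is common in legitimate installers, whereas a lookup of the VBOX__ ACPI table has no benign reason, so a triage rule can weight them differently.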