General

  • Target

    c5cf8259812fa98f5879d176fb6cc0079481290fe3cd6a389925847e54336e76

  • Size

    559KB

  • Sample

    220701-e1th3adga7

  • MD5

    8664a770ca28eb9803452cd87b53eb3c

  • SHA1

    884e729e7b1c1a07c2a1c0403be483f5a4cd957e

  • SHA256

    c5cf8259812fa98f5879d176fb6cc0079481290fe3cd6a389925847e54336e76

  • SHA512

    32741a6abccebb750d2326116fd02d33f28cfa7d7a7435a3ba56908bb4365214f8d53196607109da6eb0bef7fd497e5aaba951f4c917ceacd195bd2b8a77f61e

Malware Config

Extracted

Family

vidar

Version

7.7

Botnet

93

C2

http://search.ac.ug/

Attributes
  • profile_id

    93

Targets

    Score
    10/10
    • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks