Extracted

• • Target

    56ae0f5f3471eb274a59146fcb33e9d2dde95e6db735b9680276ef2d0a6cf2ac

  • Size

    556KB

  • MD5

    2d75516fed5992be6a8b600a40ab6cfa

  • SHA1

    ec8e2926145ed6cbd862a3c7994200afa3704efa

  • SHA256

    56ae0f5f3471eb274a59146fcb33e9d2dde95e6db735b9680276ef2d0a6cf2ac

  • SHA512

    13df6f4cf24762f8150ea2274afa94619b4feb9e3d75d47c95e81ad820dc8f1fb4d005080650796058e74c4861901c39c0ab7c7cd0bef1527622b9970b7a23c2

  Score

  10^/10

  massloggervidardiscoveryspywarestealersuricata

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Vidar log file

    Detects a log file produced by Vidar.

  • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

    suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

    suricata

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2