General
- Target: 3b9c5ff5adeae8d2cec922ed51eee0c9af43016c25163865480fba723acebff3
- Size: 4.3MB
- Sample: 220703-l9ngqshad2
- MD5: 46b161adc6af9bf969eb231c8e0e5964
- SHA1: 46780442ef9527011809ce33e3ace2ead00495f8
- SHA256: 3b9c5ff5adeae8d2cec922ed51eee0c9af43016c25163865480fba723acebff3
- SHA512: 6fb037f2d9d032cd935c81db83204c2b65e6ad0345831f15c352a9290043bc1d0142f4bee67f3560caf951511f4e1534790464180a0e925975a0922e4d4e7755
- Static task: static1
- Behavioral task: behavioral1
- Sample: 3b9c5ff5adeae8d2cec922ed51eee0c9af43016c25163865480fba723acebff3.exe
- Resource: win7-20220414-en

Malware Config
Extracted
- vidar
- 10.1
- 231
- http://tribecaflatstore.com/
- profile_id: 231
Targets
- Target: 3b9c5ff5adeae8d2cec922ed51eee0c9af43016c25163865480fba723acebff3
- Size: 4.3MB
- MD5: 46b161adc6af9bf969eb231c8e0e5964
- SHA1: 46780442ef9527011809ce33e3ace2ead00495f8
- SHA256: 3b9c5ff5adeae8d2cec922ed51eee0c9af43016c25163865480fba723acebff3
- SHA512: 6fb037f2d9d032cd935c81db83204c2b65e6ad0345831f15c352a9290043bc1d0142f4bee67f3560caf951511f4e1534790464180a0e925975a0922e4d4e7755
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Vidar Stealer
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.