General
Target: 42cd7de6925300b74c8e007681e1f97e87082e5e634bac8825e9ea2e8772f262
Size: 3.6 MB
Sample: 220708-bc4scabdcj
MD5: 5604e1ed6dabccec6eeaa19858e9b083
SHA1: 779d5880cc9ad5250a28e024c756f46056a51147
SHA256: 42cd7de6925300b74c8e007681e1f97e87082e5e634bac8825e9ea2e8772f262
SHA512: 6ee031648a499099841cf6d4c3cdd842d30c39f1b6cc7ed1421f3027d5f0c5a838eb0656f4388ba0668de45f30818bbe1d0f7db2aec70766029160dd6683f592
Static task: static1
Behavioral task: behavioral1
Sample: 42cd7de6925300b74c8e007681e1f97e87082e5e634bac8825e9ea2e8772f262.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: vidar
Version: 10.6
Botnet: 231
C2: http://coinchangerapi.com/
Attributes
profile_id: 231
Targets
Target: 42cd7de6925300b74c8e007681e1f97e87082e5e634bac8825e9ea2e8772f262
Size: 3.6 MB
MD5: 5604e1ed6dabccec6eeaa19858e9b083
SHA1: 779d5880cc9ad5250a28e024c756f46056a51147
SHA256: 42cd7de6925300b74c8e007681e1f97e87082e5e634bac8825e9ea2e8772f262
SHA512: 6ee031648a499099841cf6d4c3cdd842d30c39f1b6cc7ed1421f3027d5f0c5a838eb0656f4388ba0668de45f30818bbe1d0f7db2aec70766029160dd6683f592
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Vidar Stealer
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
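The behaviours above are individually weak signals (installers also read the country code and enumerate the Uninstall key), and only become convincing in combination or alongside the C2 POST. The following is an added example, not part of the sandbox report or of any analysis tooling, showing how a detection engineer might score a process's event stream against exactly these signatures. The event shape, the registry paths for the country code and the Uninstall key, and the list of public IP-lookup hosts are assumptions for illustration; the only value taken from the report is the C2 URL from the extracted Vidar config.

```python
"""Score a process's recorded behaviour against the Vidar report signatures.

Added example: the event format is a simplified, Sysmon-like dict per event
(an assumption), and the sample events below are constructed, not captured.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# C2 from the extracted Vidar config on this page.
VIDAR_C2 = "http://coinchangerapi.com/"
C2_HOST = urlsplit(VIDAR_C2).hostname

# Assumption: Windows keeps the configured country code under this key.
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# Assumption: installed-software enumeration reads subkeys under Uninstall.
UNINSTALL_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
# Assumption: public IP-lookup services a stealer might call.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com"}


def classify(event):
    """Map one event to a signature name from the report, or None."""
    kind = event["type"]
    if kind == "RegistryRead":
        if GEO_NATION_RE.search(event["path"]):
            return "Checks computer location settings"
        if UNINSTALL_RE.search(event["path"]):
            return "Checks installed software on the system"
    elif kind == "Http":
        host = urlsplit(event["url"]).hostname or ""
        if host in IP_LOOKUP_HOSTS:
            return "Looks up external IP address via web service"
        if host == C2_HOST and event["method"] == "POST":
            return "Vidar Stealer"
    elif kind == "ProcessCreate" and event.get("dropped"):
        return "Executes dropped EXE"
    elif kind == "ImageLoad" and event.get("dropped"):
        return "Loads dropped DLL"
    return None


def triage(events):
    """Count how many events matched each signature."""
    hits = Counter()
    for ev in events:
        sig = classify(ev)
        if sig:
            hits[sig] += 1
    return hits


def verdict(hits):
    """C2 traffic alone is decisive; otherwise require several behaviours."""
    if hits["Vidar Stealer"]:
        return "malicious: Vidar C2 traffic"
    if len(hits) >= 3:
        return "suspicious: stealer-like behaviour"
    return "no finding"


# Constructed event stream for the analysed sample (not from the report).
SAMPLE_EVENTS = [
    {"type": "RegistryRead", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "RegistryRead",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "RegistryRead",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"type": "ImageLoad", "image": r"C:\ProgramData\sqlite3.dll", "dropped": True},
    {"type": "Http", "method": "GET", "url": "https://api.ipify.org/"},
    {"type": "Http", "method": "POST", "url": "http://coinchangerapi.com/"},
]

# Constructed stream for a benign installer that shares two of the behaviours.
BENIGN_EVENTS = [
    {"type": "RegistryRead", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "RegistryRead",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyApp"},
]

if __name__ == "__main__":
    for name, evs in (("sample", SAMPLE_EVENTS), ("installer", BENIGN_EVENTS)):
        h = triage(evs)
        print(name, dict(h), "->", verdict(h))
```

The scoring deliberately treats the geofence and Uninstall reads as weak on their own and lets the POST to the configured C2 host decide, which mirrors why the report pairs the behavioural signatures with the Suricata HTTP POST pattern rather than relying on either alone.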