General
- Target: e64d10fd59550cbf84c03100bffd18cb54b12e92f88e9857d3854c4840e874e9
- Size: 536KB
- Sample: 220708-wta7ksdffp
- MD5: f2a197d1fb54e9ba87f8700356803512
- SHA1: ab62e8f84e421aba4c878d476b3f30af804dae2b
- SHA256: e64d10fd59550cbf84c03100bffd18cb54b12e92f88e9857d3854c4840e874e9
- SHA512: ce85de313d37d0afe0782e1c27986fca7e2f1cedd303fe321a49c1c76acad4ff7a91a33390142c1e71a9dfd46d544373584faae3f6ba18bc02e6ce6e528580a8
Static task: static1
Behavioral task: behavioral1
- Sample: e64d10fd59550cbf84c03100bffd18cb54b12e92f88e9857d3854c4840e874e9.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- vidar
- 36
- 754
- http://littlestepfor.com/
- profile_id: 754
Targets
- Target: e64d10fd59550cbf84c03100bffd18cb54b12e92f88e9857d3854c4840e874e9
- Size: 536KB
- MD5: f2a197d1fb54e9ba87f8700356803512
- SHA1: ab62e8f84e421aba4c878d476b3f30af804dae2b
- SHA256: e64d10fd59550cbf84c03100bffd18cb54b12e92f88e9857d3854c4840e874e9
- SHA512: ce85de313d37d0afe0782e1c27986fca7e2f1cedd303fe321a49c1c76acad4ff7a91a33390142c1e71a9dfd46d544373584faae3f6ba18bc02e6ce6e528580a8
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Vidar Stealer
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.