General
Target: 482c26795c473fd28033bd1009e8315c3df4edb3266742e890b928836e6f08e6
Size: 1.2MB
Sample: 220714-en3afacffj
MD5: f87ba709e586875a1759e5c89744bd01
SHA1: 95ad4082f29092756e7468d81ea75a10596daac3
SHA256: 482c26795c473fd28033bd1009e8315c3df4edb3266742e890b928836e6f08e6
SHA512: fe27daed8b8333ab58b594ea1ee6e695a8d67a4651647d672074c2b823b2ee73fe75ab1ed0e3f41ed79f2f5f31bd395fc4b061cf48371f1efdeb4d1df705befd
Static task: static1
Behavioral task: behavioral1
Sample: 482c26795c473fd28033bd1009e8315c3df4edb3266742e890b928836e6f08e6.exe
Resource: win7-20220414-en
Malware Config
Extracted: vidar
16.7
237
http://bokrosiiit.com/
profile_id: 237
Targets
Target: 482c26795c473fd28033bd1009e8315c3df4edb3266742e890b928836e6f08e6
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
Vidar Stealer
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext