General
Target: a4983faa6bc1743bd7607fc5f8204694e6852af052a2bb8db7af6e24fe71267a
Size: 4.3MB
Sample: 220724-v5ll1schdn
MD5: c8659d50dd2e24fb509377114355aa36
SHA1: 0a3d5ba3e3cb94c89c2007c68ba11ba97674c67a
SHA256: a4983faa6bc1743bd7607fc5f8204694e6852af052a2bb8db7af6e24fe71267a
SHA512: 3ff3d3aee31f76f3bee725740b803331439602b92791e6aea5f62dcf112689caab262f4a8d7bee45c0f70ff4ccc6d29a24802d8705e8032c17fd26a54a790d5a
Static task: static1
Behavioral task: behavioral1
Sample: a4983faa6bc1743bd7607fc5f8204694e6852af052a2bb8db7af6e24fe71267a.exe
Resource: win7-20220718-en
Malware Config
Extracted
vidar
9.9
231
http://rapidbtcinvest.com/
profile_id: 231
Targets
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Vidar Stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.