General
Target: 579d61e4d2d4ff5585cae63699cfd7746bfbc94f133702442d6d15899f324b6b
Size: 1.1MB
Sample: 220724-z2a4bsggcp
MD5: da1ab2cbdc512d85bc4d5119928e3221
SHA1: ffc2e927793295815b231661ee5f21206da0fa36
SHA256: 579d61e4d2d4ff5585cae63699cfd7746bfbc94f133702442d6d15899f324b6b
SHA512: b736faded4c83f40ea3b5af7443c4e535546379a55bd8afa3b31b44b70416de9f26cc23aab9e9ecf3e28ab5538eebdc74112b77c387cd28da2052d33bbd88b1f
Static task: static1
Behavioral task: behavioral1
Sample: 579d61e4d2d4ff5585cae63699cfd7746bfbc94f133702442d6d15899f324b6b.exe
Resource: win7-20220715-en
Malware Config
Extracted
vidar
16.6
237
http://barkeoikeilo.click/
profile_id: 237
Targets
Target: 579d61e4d2d4ff5585cae63699cfd7746bfbc94f133702442d6d15899f324b6b
Size: 1.1MB
MD5: da1ab2cbdc512d85bc4d5119928e3221
SHA1: ffc2e927793295815b231661ee5f21206da0fa36
SHA256: 579d61e4d2d4ff5585cae63699cfd7746bfbc94f133702442d6d15899f324b6b
SHA512: b736faded4c83f40ea3b5af7443c4e535546379a55bd8afa3b31b44b70416de9f26cc23aab9e9ecf3e28ab5538eebdc74112b77c387cd28da2052d33bbd88b1f
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
Vidar Stealer
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext