General

Target: cd1ce709fabcd8312470553e6c9a78336631c0c2cdcb7489dfbd8f5bd3ce5130
Size: 939KB
Sample: 220725-dr3vpscfbq
MD5: c83d9e6e41902a70eb1b8f188cc8eb59
SHA1: a9827e9089a5011099d5755f5c9d6ef9afa2247e
SHA256: cd1ce709fabcd8312470553e6c9a78336631c0c2cdcb7489dfbd8f5bd3ce5130
SHA512: dd3d54830e0131f968d3a7e4e9e285aea46688d6b509be3b715c2a8ba728fb3805e52247d0b67b622f3cf2f3c3531eac9a5339bd7525761db85cb94db54fe6fd

Static task: static1
Behavioral task: behavioral1
Sample: cd1ce709fabcd8312470553e6c9a78336631c0c2cdcb7489dfbd8f5bd3ce5130.exe
Resource: win7-20220718-en

Malware Config

Extracted
Family: vidar
Version: 15.5
Botnet: 533
C2: http://steerdemens.com/
Attributes: profile_id 533
Targets

Target: cd1ce709fabcd8312470553e6c9a78336631c0c2cdcb7489dfbd8f5bd3ce5130
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Vidar Stealer
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.