vidar | c160cb769bfb707ff6767ab01991c4cc108faae8fd550c8691fc95d21365b136 | Triage

Submit
Reports

Overview

overview

Static

static

c160cb769b...36.exe

windows7-x64

c160cb769b...36.exe

windows10-2004-x64

Sharing

General

Target

c160cb769bfb707ff6767ab01991c4cc108faae8fd550c8691fc95d21365b136
Size

557KB
Sample

220725-e8qgdafbal
MD5

033c29be1dfc36591fbd7504a226a218
SHA1

50ebe18622f19e87bdf2f40d95fbab1872139307
SHA256

c160cb769bfb707ff6767ab01991c4cc108faae8fd550c8691fc95d21365b136
SHA512

0d2d282b85899054a0ba284203488ed1cca7ef54a5d92d2a3301e15e720edd91837bd5049160cf85b7fa712534bc245fd69c0d8b4672d8c7ef4381b11a6c5d97

Score

10^/10

vidar 93 stealer suricata

Static task

static1

stealer 93 vidar

2 signatures

Behavioral task

behavioral1

Sample

c160cb769bfb707ff6767ab01991c4cc108faae8fd550c8691fc95d21365b136.exe

Resource

win7-20220718-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

c160cb769bfb707ff6767ab01991c4cc108faae8fd550c8691fc95d21365b136.exe

Resource

win10v2004-20220721-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

7.7

Botnet

93

C2

http://search.ac.ug/

Attributes

profile_id
93

Targets

- Target
  
  c160cb769bfb707ff6767ab01991c4cc108faae8fd550c8691fc95d21365b136
- Size
  
  557KB
- MD5
  
  033c29be1dfc36591fbd7504a226a218
- SHA1
  
  50ebe18622f19e87bdf2f40d95fbab1872139307
- SHA256
  
  c160cb769bfb707ff6767ab01991c4cc108faae8fd550c8691fc95d21365b136
- SHA512
  
  0d2d282b85899054a0ba284203488ed1cca7ef54a5d92d2a3301e15e720edd91837bd5049160cf85b7fa712534bc245fd69c0d8b4672d8c7ef4381b11a6c5d97
Score

10^/10

suricata
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy