General
- Target: 0bc97a36dc6135fc7a69c90c1c303439.exe
- Size: 585KB
- Sample: 210928-g4b5asahcl
- MD5: 0bc97a36dc6135fc7a69c90c1c303439
- SHA1: a3508e80c4e9bd20c04114c599be634107a49952
- SHA256: 7859d00a4fe195ff6eee7795be34ee9a351a0445acf0639cd999e9a3767dd1df
- SHA512: 67a8a4f9d33789460f677fd30e450673b564c6bcf09fdddac0a1932a0c42237c296d6d1f10f01bf4d6a1cb6641846a342d1798badc575bdfff2ac8ab37dfb0a3
Static task: static1
Behavioral task: behavioral1
- Sample: 0bc97a36dc6135fc7a69c90c1c303439.exe
- Resource: win7-en-20210920
Malware Config
Targets
- Target: 0bc97a36dc6135fc7a69c90c1c303439.exe
- Size: 585KB
- MD5: 0bc97a36dc6135fc7a69c90c1c303439
- SHA1: a3508e80c4e9bd20c04114c599be634107a49952
- SHA256: 7859d00a4fe195ff6eee7795be34ee9a351a0445acf0639cd999e9a3767dd1df
- SHA512: 67a8a4f9d33789460f677fd30e450673b564c6bcf09fdddac0a1932a0c42237c296d6d1f10f01bf4d6a1cb6641846a342d1798badc575bdfff2ac8ab37dfb0a3
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Vidar Stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.