General

  • Target

    5.exe

  • Size

    542KB

  • Sample

    210309-t9n572fdwe

  • MD5

    6a50d5e91b193be284aa02106ee35e97

  • SHA1

    097137cb64eb18ce55c13f1e841d5312d07fbbf4

  • SHA256

    82c1ccbd7db7615a982f7b8072784575972aff3f0ab4597efda9d2e7ca17b961

  • SHA512

    7f79ef4c3b2cd32e6e1fe6c64d1a693115789665f705144cb912500f25f669f28ac61f709d29057b66bf2a6c1f8376b3a8ef7ccb95668cabf2d15455745f1f03

Malware Config

Targets

    • Target

      5.exe

    • Size

      542KB

    • MD5

      6a50d5e91b193be284aa02106ee35e97

    • SHA1

      097137cb64eb18ce55c13f1e841d5312d07fbbf4

    • SHA256

      82c1ccbd7db7615a982f7b8072784575972aff3f0ab4597efda9d2e7ca17b961

    • SHA512

      7f79ef4c3b2cd32e6e1fe6c64d1a693115789665f705144cb912500f25f669f28ac61f709d29057b66bf2a6c1f8376b3a8ef7ccb95668cabf2d15455745f1f03

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

4
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

4
T1005

Tasks