General
-
Target
212b12e2686111514455c97b689c8457.exe
-
Size
493KB
-
Sample
210313-qdx84l5wdx
-
MD5
212b12e2686111514455c97b689c8457
-
SHA1
2c39181e491ccea8f3eb1020b698bfaf57b31c15
-
SHA256
a8fe17654d8f2a952fee93bd6e78864ee4a2e766c92e6ba7dda2b0117e1ef97a
-
SHA512
cec5e902dce2dd4d70eef4ca835efa2704e49c434dd81e2b99100df76b1b095110e11b54ad5d2036d60f5378bf5fd637c5e0d36b7fcd3c0cd9cd77bc34c95346
Malware Config
Targets
-
-
Target
212b12e2686111514455c97b689c8457.exe
-
Size
493KB
-
MD5
212b12e2686111514455c97b689c8457
-
SHA1
2c39181e491ccea8f3eb1020b698bfaf57b31c15
-
SHA256
a8fe17654d8f2a952fee93bd6e78864ee4a2e766c92e6ba7dda2b0117e1ef97a
-
SHA512
cec5e902dce2dd4d70eef4ca835efa2704e49c434dd81e2b99100df76b1b095110e11b54ad5d2036d60f5378bf5fd637c5e0d36b7fcd3c0cd9cd77bc34c95346
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Deletes itself
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-