General

  • Target

    21ccef2f0c663e5867ee090333b8206e.exe

  • Size

    1.6MB

  • Sample

    210401-dde3pvta6j

  • MD5

    21ccef2f0c663e5867ee090333b8206e

  • SHA1

    e37e51fb105119a52af3d015fd96eda7a480232b

  • SHA256

    f24bd8c22941fdf06881f9e4ee40b44db08dcc8323b81aad6cd2e2aadb5ffb93

  • SHA512

    fc079ed52b9c48fb137b92c84b61e8d4f5d34acd17b4c2326cc821cb977ff70fc50caeff984660f345faf360500fdb290065ceacfbcd51622b6538b0051b86d1

Score
10/10

Malware Config

Targets

    • Target

      21ccef2f0c663e5867ee090333b8206e.exe

    • Size

      1.6MB

    • MD5

      21ccef2f0c663e5867ee090333b8206e

    • SHA1

      e37e51fb105119a52af3d015fd96eda7a480232b

    • SHA256

      f24bd8c22941fdf06881f9e4ee40b44db08dcc8323b81aad6cd2e2aadb5ffb93

    • SHA512

      fc079ed52b9c48fb137b92c84b61e8d4f5d34acd17b4c2326cc821cb977ff70fc50caeff984660f345faf360500fdb290065ceacfbcd51622b6538b0051b86d1

    Score
    10/10
    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks