General

  • Target

    FCA5226999C22181586934BE29988E4C.exe

  • Size

    592KB

  • Sample

    210417-13xvryhele

  • MD5

    fca5226999c22181586934be29988e4c

  • SHA1

    74d6a8570daa72c8890c1a2ef8794fce3f745d77

  • SHA256

    0ae68aad7f2c6857a95fba40fd7775bb060f082fd63a74eb9696921e9674680d

  • SHA512

    a5a26af44e86cc60e07fd35a0c9a3073274aebc3db0afa6619c314c1ce334aa2223ddd7709583835d7692508402855c6d32563c761b11ce890ceee140e6a5ffa

Malware Config

Targets

    • Target

      FCA5226999C22181586934BE29988E4C.exe

    • Size

      592KB

    • MD5

      fca5226999c22181586934be29988e4c

    • SHA1

      74d6a8570daa72c8890c1a2ef8794fce3f745d77

    • SHA256

      0ae68aad7f2c6857a95fba40fd7775bb060f082fd63a74eb9696921e9674680d

    • SHA512

      a5a26af44e86cc60e07fd35a0c9a3073274aebc3db0afa6619c314c1ce334aa2223ddd7709583835d7692508402855c6d32563c761b11ce890ceee140e6a5ffa

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Deletes itself

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

4
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

4
T1005

Tasks