c309d31a1e63d91902f57babfc2ef7a8.exe

General
Target

c309d31a1e63d91902f57babfc2ef7a8.exe

Size

562KB

Sample

210421-y8mag4eexj

Score

10/10
MD5

c309d31a1e63d91902f57babfc2ef7a8

SHA1

b44dd52e92b0d9eb6e7a4b242819f0687e137d03

SHA256

942f4661c17b49061467e305b9d5fe5be2a061f1def29bec379c7588149dc6e1

SHA512

f7eacc9181e6704f9196387e83710fb5b01b1194ce339e2522a442cb55e6d3b7712bcc05f97ec608cd1b378ddaf56adac11a716429d136c32ba6d79e2f83c682

Malware Config
Targets
Target

c309d31a1e63d91902f57babfc2ef7a8.exe

Signatures

  • Vidar

    Description

    Vidar is an infostealer based on Arkei stealer.

  • Downloads MZ/PE file

  • Deletes itself

  • Loads dropped DLL

  • Reads local data of messenger clients

    Description

    Infostealers often target the stored data of messaging applications (for example Telegram, Discord or Pidgin profile directories), which can include saved credentials, session tokens and account information.

    TTPs

    Data from Local System (T1005); Credentials in Files (T1552.001)
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data (profile databases such as Chromium's "Login Data" and "Cookies" or Firefox's "logins.json"), which can include saved credentials, cookies, session tokens and autofill data.

    TTPs

    Data from Local System (T1005); Credentials in Files (T1552.001)
  • Accesses 2FA software files, possible credential harvesting

    TTPs

    Data from Local System (T1005); Credentials in Files (T1552.001)
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System (T1005); Credentials in Files (T1552.001)
  • Checks installed software on the system

    Description

    Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node counterpart) to build a list of installed software on the system. On its own this is weak evidence; it is significant here in combination with the credential-file reads above.

    TTPs

    Query Registry (T1012)

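A small triage check modelled on the signatures listed above, as an added example (it is not Triage's scoring engine and not code from the sample). It runs constructed, Sysmon-style events for two processes through rules for the browser, messenger, wallet, 2FA and Uninstall-key signatures, detects "Loads dropped DLL" as an image load of a file the same process created, and detects "Deletes itself" as a cmd.exe child whose command line deletes the parent's own image. The event lines, process IDs, image paths and weights are invented for the example; the scoring (weights summed and capped at 10) is an assumption, not Triage's method.

```python
import fnmatch
import re
from collections import defaultdict

# Constructed, Sysmon-style telemetry: (pid, event type, target).
# These lines are made up for the example; they are not the sandbox's event log.
EVENTS = [
    (4120, "FileRead", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, "FileRead", r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"),
    (4120, "FileRead", r"C:\Users\alice\AppData\Roaming\Telegram Desktop\tdata\D877F783D5D3EF8C"),
    (4120, "FileRead", r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    (4120, "FileRead", r"C:\Users\alice\AppData\Roaming\Authy Desktop\Local Storage\leveldb\000003.log"),
    (4120, "RegQuery", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"),
    (4120, "RegQuery", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (4120, "FileCreate", r"C:\ProgramData\nss3.dll"),
    (4120, "ImageLoad", r"C:\ProgramData\nss3.dll"),
    (4120, "ProcessCreate",
     r'cmd.exe /c timeout /t 5 & del /f /q "C:\Users\alice\Downloads\c309d31a1e63d91902f57babfc2ef7a8.exe"'),
    # A benign process that only touches the Uninstall key.
    (5000, "FileRead", r"C:\Users\alice\Documents\report.docx"),
    (5000, "RegQuery", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
]

# Image path of each process (constructed).
PROCESS_IMAGE = {
    4120: r"C:\Users\alice\Downloads\c309d31a1e63d91902f57babfc2ef7a8.exe",
    5000: r"C:\Program Files\7-Zip\7zFM.exe",
}

# Path-based rules: (signature name, event type, lower-case glob patterns, weight).
# Weights are an assumption for the example, not Triage's scoring.
PATH_RULES = [
    ("Reads user/profile data of web browsers", "FileRead",
     [r"*\appdata\local\google\chrome\user data\*",
      r"*\appdata\roaming\mozilla\firefox\profiles\*"], 3),
    ("Reads local data of messenger clients", "FileRead",
     [r"*\appdata\roaming\telegram desktop\tdata\*",
      r"*\appdata\roaming\discord\local storage\*"], 2),
    ("Accesses cryptocurrency files/wallets", "FileRead",
     [r"*\appdata\roaming\exodus\*",
      r"*\appdata\roaming\electrum\wallets\*"], 3),
    ("Accesses 2FA software files", "FileRead",
     [r"*\appdata\roaming\authy desktop\*"], 3),
    ("Checks installed software on the system", "RegQuery",
     [r"hklm\software\microsoft\windows\currentversion\uninstall\*"], 1),
]


def evaluate(events, process_image):
    """Return {pid: (score 0-10, sorted list of matched signature names)}."""
    matched = defaultdict(dict)   # pid -> {signature name: weight}
    written = defaultdict(set)    # pid -> files the process itself created

    for pid, etype, target in events:
        t = target.lower()        # case-insensitive paths; fnmatchcase keeps our own casing rule
        for name, rule_type, patterns, weight in PATH_RULES:
            if etype == rule_type and any(fnmatch.fnmatchcase(t, p) for p in patterns):
                matched[pid][name] = weight
        if etype == "FileCreate":
            written[pid].add(t)
        elif etype == "ImageLoad" and t in written[pid]:
            # A DLL loaded from a path this process wrote earlier: "Loads dropped DLL".
            matched[pid]["Loads dropped DLL"] = 2
        elif etype == "ProcessCreate":
            own = process_image.get(pid, "").lower()
            # A child command line that runs `del` on the parent's own image: "Deletes itself".
            if own and re.search(r"\bdel\b", t) and own in t:
                matched[pid]["Deletes itself"] = 2

    return {pid: (min(10, sum(sigs.values())), sorted(sigs))
            for pid, sigs in matched.items()}


if __name__ == "__main__":
    for pid, (score, sigs) in sorted(evaluate(EVENTS, PROCESS_IMAGE).items()):
        print(f"pid {pid}: {score}/10")
        for s in sigs:
            print(f"  - {s}")
```

The benign process scores 1/10 from the Uninstall-key query alone, which is the point of the caveat on that signature: it only becomes meaningful alongside the credential-file reads.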
Related Tasks

MITRE ATT&CK Matrix

Tactic columns shown on the page: Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1  10/10
behavioral2  10/10