General

  • Target

    b93543cd68fd2179f29e0563f19b3480.exe

  • Size

    610KB

  • Sample

    210423-p65ehr2zfx

  • MD5

    b93543cd68fd2179f29e0563f19b3480

  • SHA1

    0fb06db1ccff7c80160591ffed3517f198b2d3d0

  • SHA256

    efdb5e9fdd74b02096b66c5fa2a68de20af19f069f1f18d4cad5ddd06c0776b3

  • SHA512

    0ea256a44a3e7cd62e8fea5070b001688f69cedb346c15996e7352459e5621ae6ae9bf53996ff52081842c63d0edd409258875ad91cb9eb2e339f55c30554806

Targets

    • Target

      b93543cd68fd2179f29e0563f19b3480.exe

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies, autofill entries and browsing history.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
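The behaviours above are what a sandbox signature engine flags when one process touches browser profiles, messenger data, 2FA stores, wallet files and the Uninstall key in a single run. The following is an added example, not code from the report or from any Vidar analysis tooling: it scores a constructed list of file and registry access events against those signatures, skips processes that legitimately own the artefacts (a browser reading its own profile is not a hit), and calls a process infostealer-like when it trips several distinct signatures. The event layout, path patterns and benign-owner lists are assumptions chosen to illustrate the report's signatures, not an exhaustive artefact list.

```python
"""Score sandbox-style file/registry access events against the infostealer
behaviours listed in this report. Added example, not code from the report or
from Vidar analysis tooling; event layout, path patterns and benign-owner lists
are assumptions chosen to illustrate the signatures above."""
import re
from collections import defaultdict

# Each rule pairs a signature name from the report with a pattern over the
# lower-cased, backslash-normalised target path. Paths are well-known artefact
# locations; the lists are illustrative, not exhaustive.
RULES = [
    ("Reads user/profile data of web browsers",
     re.compile(r"\\(chrome|chromium|brave|microsoft\\edge)\\user data\\.*"
                r"\\(login data|cookies|web data|history)$")),
    ("Reads user/profile data of web browsers",
     re.compile(r"\\mozilla\\firefox\\profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$")),
    ("Reads local data of messenger clients",
     re.compile(r"\\(telegram desktop\\tdata|discord\\local storage\\leveldb)\\")),
    ("Accesses 2FA software files, possible credential harvesting",
     re.compile(r"\\authy desktop\\local storage\\leveldb\\")),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     re.compile(r"\\(electrum\\wallets|exodus\\exodus\.wallet|ethereum\\keystore)\\|\\wallet\.dat$")),
    ("Checks installed software on the system",
     re.compile(r"^hk(lm|cu)\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall")),
]

# Processes that legitimately touch the artefacts a rule covers. A browser
# reading its own profile is not a hit; anything else reading those files is.
BENIGN_OWNERS = {
    "Reads user/profile data of web browsers": {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"},
    "Reads local data of messenger clients": {"telegram.exe", "discord.exe"},
    "Accesses 2FA software files, possible credential harvesting": {"authy desktop.exe"},
}

# Constructed events (assumed shape: image, operation, target) in the form a
# flattened sandbox or Sysmon export might give. Paths are invented for the demo.
SAMPLE_EVENTS = [
    {"image": "b93543cd68fd2179f29e0563f19b3480.exe", "op": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": "b93543cd68fd2179f29e0563f19b3480.exe", "op": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Cookies"},
    {"image": "b93543cd68fd2179f29e0563f19b3480.exe", "op": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\Telegram Desktop\tdata\D877F783D5D3EF8C\map0"},
    {"image": "b93543cd68fd2179f29e0563f19b3480.exe", "op": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\Authy Desktop\Local Storage\leveldb\000003.log"},
    {"image": "b93543cd68fd2179f29e0563f19b3480.exe", "op": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"image": "b93543cd68fd2179f29e0563f19b3480.exe", "op": "reg_query",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    # Benign noise: the browser reading its own profile, Explorer reading a Run key.
    {"image": "chrome.exe", "op": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": "explorer.exe", "op": "reg_query",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
]


def normalise(path):
    """Lower-case and use backslashes so one pattern covers both path styles."""
    return path.replace("/", "\\").lower()


def match_signatures(events):
    """Return {image: {signature: [targets]}} for every event that hits a rule
    and whose image is not a known benign owner of that artefact class."""
    hits = defaultdict(lambda: defaultdict(list))
    for ev in events:
        image = ev["image"].lower()
        target = normalise(ev["target"])
        for name, pattern in RULES:
            if image in BENIGN_OWNERS.get(name, ()):
                continue
            if pattern.search(target):
                hits[image][name].append(ev["target"])
    return {img: dict(sigs) for img, sigs in hits.items()}


def infostealer_verdict(image_hits, min_signatures=3):
    """One signature alone is weak evidence (backup tools read wallets too); several
    distinct credential/wallet/discovery signatures from one process is the pattern."""
    return len(image_hits) >= min_signatures


if __name__ == "__main__":
    for image, sigs in match_signatures(SAMPLE_EVENTS).items():
        print(image, "infostealer-like" if infostealer_verdict(sigs) else "inconclusive")
        for name, targets in sigs.items():
            print("   ", name, "->", len(targets), "target(s)")
```

The threshold is deliberately a count of distinct signatures rather than of events: a stealer reading twenty Chrome files still only proves one behaviour, while one read each of a browser store, a messenger store and a wallet from the same unknown image is the combination worth alerting on.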

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                      ID       Hits
  Defense Evasion     Install Root Certificate       T1130    1
  Defense Evasion     Modify Registry                T1112    1
  Credential Access   Credentials in Files           T1081    4
  Discovery           Query Registry                 T1012    2
  Discovery           System Information Discovery   T1082    2
  Collection          Data from Local System         T1005    4

  Technique IDs are as numbered in ATT&CK v6. T1130 and T1081 have since been retired in favour of the sub-techniques T1553.004 (Subvert Trust Controls: Install Root Certificate) and T1552.001 (Unsecured Credentials: Credentials In Files); the other four IDs are unchanged.
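Sandbox reports pin their matrix to a specific ATT&CK version, so the IDs drift from what a current SIEM or threat-intel platform expects. The following is an added example, not code from the report or from a sandbox vendor: it parses the matrix in the one-field-per-line layout that text extraction of these reports produces (tactic, then technique name, hit count and ID for each row) into records, and rewrites the v6 IDs that were retired when sub-techniques arrived (T1130 and T1081) to their current equivalents. REPORT_MATRIX reproduces this report's six rows; the TACTICS set and the DEPRECATED map are hand-maintained assumptions that should be checked against attack.mitre.org before being relied on.

```python
"""Parse a flattened ATT&CK v6 matrix from a sandbox report and normalise retired
technique IDs to their current sub-technique IDs. Added example, not code from
the report or a sandbox vendor; TACTICS and DEPRECATED are hand-maintained
assumptions to be verified against attack.mitre.org."""
import re
from dataclasses import dataclass

# This report's matrix, one field per line: tactic, then (technique, hits, ID) per row.
REPORT_MATRIX = """
Defense Evasion
Install Root Certificate
1
T1130
Modify Registry
1
T1112
Credential Access
Credentials in Files
4
T1081
Discovery
Query Registry
2
T1012
System Information Discovery
2
T1082
Collection
Data from Local System
4
T1005
"""

# Enterprise tactic names (assumed list); a line equal to one of these opens a group.
TACTICS = {
    "Initial Access", "Execution", "Persistence", "Privilege Escalation",
    "Defense Evasion", "Credential Access", "Discovery", "Lateral Movement",
    "Collection", "Command and Control", "Exfiltration", "Impact",
}

# v6 IDs retired when sub-techniques were introduced (ATT&CK v7, 2020), mapped to
# the sub-technique that replaced them. Hand-maintained; extend as needed.
DEPRECATED = {
    "T1130": "T1553.004",  # Install Root Certificate -> Subvert Trust Controls sub-technique
    "T1081": "T1552.001",  # Credentials in Files -> Unsecured Credentials sub-technique
}

ID_RE = re.compile(r"^T\d{4}$")


@dataclass
class Row:
    tactic: str
    technique: str
    hits: int
    v6_id: str
    current_id: str


def parse_matrix(text):
    """Walk the flat list top to bottom. A tactic name opens a group; within it each
    technique name is followed by its hit count and then its ID, which closes the row."""
    rows, tactic, technique, hits = [], None, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line in TACTICS:
            tactic = line
        elif ID_RE.match(line):
            if tactic is None or technique is None or hits is None:
                raise ValueError(f"{line}: ID without preceding tactic/technique/count")
            rows.append(Row(tactic, technique, hits, line, DEPRECATED.get(line, line)))
            technique = hits = None
        elif line.isdigit():
            hits = int(line)
        else:
            technique = line
    return rows


def hits_per_tactic(rows):
    """Total signature hits per tactic, the figure a matrix heat-map would colour."""
    totals = {}
    for row in rows:
        totals[row.tactic] = totals.get(row.tactic, 0) + row.hits
    return totals


if __name__ == "__main__":
    parsed = parse_matrix(REPORT_MATRIX)
    for row in parsed:
        flag = "" if row.v6_id == row.current_id else f"  (v6 {row.v6_id} retired)"
        print(f"{row.tactic:18} {row.technique:30} {row.current_id:10} {row.hits}{flag}")
    print(hits_per_tactic(parsed))
```

The parser raises rather than guessing when an ID appears without a preceding tactic, technique and count, because a silently mis-attributed technique is worse than a failed import when the output feeds a detection-coverage dashboard.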
