General

  • Target

    f2d2b846d5e7dcb78b8fb8c2b514fdf5.exe

  • Size

    642KB

  • Sample

    210507-1flzzbqbea

  • MD5

    f2d2b846d5e7dcb78b8fb8c2b514fdf5

  • SHA1

    be5d9d877c495eae40b30917380111691f636e5a

  • SHA256

    7ab3f26484a6668bdd10719916266d661d8ab4a9ae3f68b708b8154a593b110a

  • SHA512

    b41d208df919195dee3ed8642b44dda039f03d8e836ddb391ac847fe3c68ea2fad5e9487d79919a56bf6d891172de591933c7db8606651a0045e4ced9af55b6a

Malware Config

Extracted

Family

vidar

Version

38.7

Botnet

890

C2

https://HAL9THapi.faceit.comramilgame

Attributes
  • profile_id

    890

Targets

    • Target

      f2d2b846d5e7dcb78b8fb8c2b514fdf5.exe

    • Size

      642KB

    • MD5

      f2d2b846d5e7dcb78b8fb8c2b514fdf5

    • SHA1

      be5d9d877c495eae40b30917380111691f636e5a

    • SHA256

      7ab3f26484a6668bdd10719916266d661d8ab4a9ae3f68b708b8154a593b110a

    • SHA512

      b41d208df919195dee3ed8642b44dda039f03d8e836ddb391ac847fe3c68ea2fad5e9487d79919a56bf6d891172de591933c7db8606651a0045e4ced9af55b6a

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

4
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

4
T1005

Tasks