General

  • Target

    d74c12e6619a1f5e11195a821bb41310.exe

  • Size

    640KB

  • Sample

    210507-vdcgy23qys

  • MD5

    d74c12e6619a1f5e11195a821bb41310

  • SHA1

    f3301b91851659505b10536f566443e6b5a29bb4

  • SHA256

    177b833837d5cf031a7cdce1c9ac93fe81b648e8f57092a6554ad10fabf78af1

  • SHA512

    06016b8094655e25630680b5558227cea566f68d2691a0d67e74f0e4d3d900ab0be3f182645153bf4932bbd5247cae995b7f58de304850bec2721a4eb5ca4188

Malware Config

Extracted

Family

vidar

Version

38.7

Botnet

890

C2

https://HAL9THapi.faceit.comramilgame

Attributes
  • profile_id

    890

Targets

    • Target

      d74c12e6619a1f5e11195a821bb41310.exe

    • Size

      640KB

    • MD5

      d74c12e6619a1f5e11195a821bb41310

    • SHA1

      f3301b91851659505b10536f566443e6b5a29bb4

    • SHA256

      177b833837d5cf031a7cdce1c9ac93fe81b648e8f57092a6554ad10fabf78af1

    • SHA512

      06016b8094655e25630680b5558227cea566f68d2691a0d67e74f0e4d3d900ab0be3f182645153bf4932bbd5247cae995b7f58de304850bec2721a4eb5ca4188

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

4
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

4
T1005

Tasks