General

  • Target

    e2969c6b371439020ebcabcbe5d0124e.exe

  • Size

    681KB

  • Sample

    210508-rjfgcjyacs

  • MD5

    e2969c6b371439020ebcabcbe5d0124e

  • SHA1

    0672999707beb9b98478d1434169118d06a97701

  • SHA256

    57dff4d4cb63afb347c9e87ae2009047e4f4afe8059418cace04bd4d9c693ad6

  • SHA512

    b3276166cb71c126417620e2a94d4e54515478cc122abf33b1804e6bb62a5871b29afde43c114010d16564726a67fa8c17d5dc22698ced2c4cc3f371cf122c8e

Malware Config

Extracted

Family

vidar

Version

38.7

Botnet

890

C2

https://HAL9THapi.faceit.comramilgame

Attributes
  • profile_id

    890

Targets

    • Target

      e2969c6b371439020ebcabcbe5d0124e.exe

    • Size

      681KB

    • MD5

      e2969c6b371439020ebcabcbe5d0124e

    • SHA1

      0672999707beb9b98478d1434169118d06a97701

    • SHA256

      57dff4d4cb63afb347c9e87ae2009047e4f4afe8059418cace04bd4d9c693ad6

    • SHA512

      b3276166cb71c126417620e2a94d4e54515478cc122abf33b1804e6bb62a5871b29afde43c114010d16564726a67fa8c17d5dc22698ced2c4cc3f371cf122c8e

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

4
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

4
T1005

Tasks