General

  • Target

    778202b3ab21bc6c566c5464762fbd1f.exe

  • Size

    354KB

  • Sample

    210520-6lhpjv9vs6

  • MD5

    778202b3ab21bc6c566c5464762fbd1f

  • SHA1

    308506cd3d0e96683bbd918aaa4abcbfd72c665d

  • SHA256

    c5abf55b0591c96c64316cef1b7c5124f3b7ab3d05bc75ab80ae17c53d01dc72

  • SHA512

    798dfe932e0f9c4e29aa86501a91a6181cac4ad0c520e3e0ef7468212723e49a26913ea9f8eb7117daac50f15023f22ee13408be5d86d3ceca38fe8b12905729

Malware Config

Extracted

Family

vidar

Version

38.8

Botnet

719

C2

https://HAL9THapi.faceit.comlegomind

Attributes
  • profile_id

    719

Extracted

Family

cryptbot

C2

sogfvk42.top

mormyv04.top

Attributes
  • payload_url

    http://douive05.top/download.php?file=lv.exe

Targets

    • Target

      778202b3ab21bc6c566c5464762fbd1f.exe

    • Size

      354KB

    • MD5

      778202b3ab21bc6c566c5464762fbd1f

    • SHA1

      308506cd3d0e96683bbd918aaa4abcbfd72c665d

    • SHA256

      c5abf55b0591c96c64316cef1b7c5124f3b7ab3d05bc75ab80ae17c53d01dc72

    • SHA512

      798dfe932e0f9c4e29aa86501a91a6181cac4ad0c520e3e0ef7468212723e49a26913ea9f8eb7117daac50f15023f22ee13408be5d86d3ceca38fe8b12905729

    • CryptBot

      A C++ stealer distributed widely in bundle with other software.

    • CryptBot Payload

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks