b153a48172b1e3c4e93fdf40f704e4fa.exe

General

Target: b153a48172b1e3c4e93fdf40f704e4fa.exe
Size: 2MB
Sample: 210722-g8fw1kl6jj
Score: 10/10
MD5: b153a48172b1e3c4e93fdf40f704e4fa
SHA1: ff01494d36906e30b4a53ff9862420a3922cf7a1
SHA256: a66228e6a0b619a07070c311713d3630b53a89a3e7fdd4b871859e001e693329
SHA512: c0720863a43d3b924ca91d2d1bdc7330a351a9ea70a890c2b25b67a2075a8d177c1c234ca8fc60bbbcb4abe7ad9743d02957f055746e94bff81a644bf73bef11

Malware Config

Extracted

Family: vidar
Version: 39.7
Botnet: 921
C2: https://shpak125.tumblr.com/

Attributes

profile_id: 921
Signatures

  • Vidar
    Description: Vidar is an infostealer based on Arkei stealer.

  • Vidar Stealer

  • Downloads MZ/PE file

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Accesses 2FA software files, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

  • Suspicious use of SetThreadContext

Tasks

static1