General
-
Target
5683120798072832.zip
-
Size
450KB
-
Sample
210915-rvrthadhbm
-
MD5
5e80d3b4a91f24d7cd79c29bb97f2564
-
SHA1
e3530d2fa040b5374dfa7da22d4cc2bf3e49fd14
-
SHA256
495b5aa5c98799441ff007eae6a312366b1dc244ba8ef3ddf23ca5ffabf584ed
-
SHA512
075be3e2744889d5191a35fa726326f165f5add7caf69fa5cc1ed142b48664637a8b51f6dcd09734470287fd6d597b1b7d5ce6a136ba4b9af23219b193dd1072
Malware Config
Extracted
vidar
26.1
237
http://centos10.com/
-
profile_id
237
Targets
-
-
Target
0c55d2f909695e522759043833539287910b717860d22f1dbc007f2055a07127
-
Size
594KB
-
MD5
c25627d082399616d43b9ff5c66de1df
-
SHA1
0d31624229601b16d037e22f8a204d3701d7540a
-
SHA256
0c55d2f909695e522759043833539287910b717860d22f1dbc007f2055a07127
-
SHA512
ee854ed5325c8de6aa68c9a3625d0e56d37f40302f1525c31df75b273bc12c59a46bd5bd736400821596b8fe068ef12a67900abaf06dafdec98c7f891f6bca09
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
Vidar Stealer
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-