General
-
Target
53966516598a7e8a22fe9616011413e2e9d04a0c2e667466178133aa746d4712
-
Size
658KB
-
Sample
210921-lnq1qshaf5
-
MD5
9af7cf75e6bf4c04d4a7064508e0f99d
-
SHA1
4174fe792f747f706e4d9c16234a76c74ea1f2b0
-
SHA256
53966516598a7e8a22fe9616011413e2e9d04a0c2e667466178133aa746d4712
-
SHA512
31eafa44e0c3d81fa21442b3b27be185b1acb56c16d81b54fefe8155cb10b2978d753db8a3bae168172436e83530db38b8faca1aab14c19bb7ad1f5791ffe78a
Malware Config
Extracted
vidar
40.8
828
https://pavlovoler.tumblr.com/
-
profile_id
828
Targets
-
-
Target
53966516598a7e8a22fe9616011413e2e9d04a0c2e667466178133aa746d4712
-
Size
658KB
-
MD5
9af7cf75e6bf4c04d4a7064508e0f99d
-
SHA1
4174fe792f747f706e4d9c16234a76c74ea1f2b0
-
SHA256
53966516598a7e8a22fe9616011413e2e9d04a0c2e667466178133aa746d4712
-
SHA512
31eafa44e0c3d81fa21442b3b27be185b1acb56c16d81b54fefe8155cb10b2978d753db8a3bae168172436e83530db38b8faca1aab14c19bb7ad1f5791ffe78a
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar Stealer
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-