General
-
Target
ed73e6338b76032651e8a6387c453642bb49c80e387477b8f93bc1cd5643eaaa
-
Size
658KB
-
Sample
210921-qsd9yshfd5
-
MD5
f185a11018a6a43ce9f7daf39125dcb5
-
SHA1
a6b978a41706d74aaa273758dcc6725d10d43f15
-
SHA256
ed73e6338b76032651e8a6387c453642bb49c80e387477b8f93bc1cd5643eaaa
-
SHA512
0a5c653711f3bb75f3c2562c23f67d81e3e0732f9ccc71009225be32dd1037c19fb2462c1659146085d388441e431ea3fa4641f29acaa585cd421020421d6dbd
Malware Config
Extracted
vidar
40.8
828
https://pavlovoler.tumblr.com/
-
profile_id
828
Targets
-
-
Target
ed73e6338b76032651e8a6387c453642bb49c80e387477b8f93bc1cd5643eaaa
-
Size
658KB
-
MD5
f185a11018a6a43ce9f7daf39125dcb5
-
SHA1
a6b978a41706d74aaa273758dcc6725d10d43f15
-
SHA256
ed73e6338b76032651e8a6387c453642bb49c80e387477b8f93bc1cd5643eaaa
-
SHA512
0a5c653711f3bb75f3c2562c23f67d81e3e0732f9ccc71009225be32dd1037c19fb2462c1659146085d388441e431ea3fa4641f29acaa585cd421020421d6dbd
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar Stealer
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-