General

  • Target

    599bc55a2a4456639a074536160db880ba5b6b8a9b6e0fd5fe28c1fd08a3a6c2

  • Size

    608KB

  • Sample

    210923-pcvrbsebgp

  • MD5

    83ee887adb85f718446307f5e5afea0e

  • SHA1

    1947d14f6546fcc6e55dd490e02e7b93f18098fc

  • SHA256

    599bc55a2a4456639a074536160db880ba5b6b8a9b6e0fd5fe28c1fd08a3a6c2

  • SHA512

    a66a0df8290200d9b7616d8602bd3e11f0db5d7d26270066971c5872fa55fc4c5232c9350166a7ce6bc8e7b58dd4b1e3cc636668755dece7247eb56c8f57167d

Malware Config

Extracted

Family

vidar

Version

41

Botnet

1008

C2

https://mas.to/@killern0

Attributes
  • profile_id

    1008

Targets

    • Target

      599bc55a2a4456639a074536160db880ba5b6b8a9b6e0fd5fe28c1fd08a3a6c2

    • Size

      608KB

    • MD5

      83ee887adb85f718446307f5e5afea0e

    • SHA1

      1947d14f6546fcc6e55dd490e02e7b93f18098fc

    • SHA256

      599bc55a2a4456639a074536160db880ba5b6b8a9b6e0fd5fe28c1fd08a3a6c2

    • SHA512

      a66a0df8290200d9b7616d8602bd3e11f0db5d7d26270066971c5872fa55fc4c5232c9350166a7ce6bc8e7b58dd4b1e3cc636668755dece7247eb56c8f57167d

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

      suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

    • suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

      suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

    • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

      suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

3
T1005

Tasks