General

  • Target

    5b2fce91cda0fa71818a683c57c88eb1533b70bcfb5e82b312757b3015d69801

  • Size

    1.5MB

  • Sample

    210923-phxg4seccl

  • MD5

    43ecb980e6e1db8f394af5b6d065eba6

  • SHA1

    36e05d72b5a9efd3e5283d46fb42f0d6204f2ed3

  • SHA256

    5b2fce91cda0fa71818a683c57c88eb1533b70bcfb5e82b312757b3015d69801

  • SHA512

    34062ccbb04992ee177cade1e218b608573fa9c2f0a073960aec3ea34b7140707127829f123fb3af7d7fd1448fc4d2a5958f9bf31833bf7047ff3d3271ecd04b

Malware Config

Extracted

Family

vidar

Version

41

Botnet

1013

C2

https://mas.to/@killern0

Attributes
  • profile_id

    1013

Targets

    • Target

      5b2fce91cda0fa71818a683c57c88eb1533b70bcfb5e82b312757b3015d69801

    • Size

      1.5MB

    • MD5

      43ecb980e6e1db8f394af5b6d065eba6

    • SHA1

      36e05d72b5a9efd3e5283d46fb42f0d6204f2ed3

    • SHA256

      5b2fce91cda0fa71818a683c57c88eb1533b70bcfb5e82b312757b3015d69801

    • SHA512

      34062ccbb04992ee177cade1e218b608573fa9c2f0a073960aec3ea34b7140707127829f123fb3af7d7fd1448fc4d2a5958f9bf31833bf7047ff3d3271ecd04b

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

MITRE ATT&CK Enterprise v6

Tasks