General

  • Target

    93b8c92774b797cde7eff30fa80b7273841b2aad6b6184f23163f26494203ee7

  • Size

    1.5MB

  • Sample

    210926-1xdjbsfcfm

  • MD5

    f776f9ec3ac28a056424b23589dfdaca

  • SHA1

    33b13adbdecf733909bc6ab961e441a1b12d1106

  • SHA256

    93b8c92774b797cde7eff30fa80b7273841b2aad6b6184f23163f26494203ee7

  • SHA512

    2213b5433625e02e12ba4ed9214f48881232af7e33eadc013e8a49f3572329538f71fa675ff69a35fca0f55625135edf779bece6184b2e1bf7ea929d4b1f6cf7

Score
10/10

Malware Config

Targets

    • Target

      93b8c92774b797cde7eff30fa80b7273841b2aad6b6184f23163f26494203ee7

    • Size

      1.5MB

    • MD5

      f776f9ec3ac28a056424b23589dfdaca

    • SHA1

      33b13adbdecf733909bc6ab961e441a1b12d1106

    • SHA256

      93b8c92774b797cde7eff30fa80b7273841b2aad6b6184f23163f26494203ee7

    • SHA512

      2213b5433625e02e12ba4ed9214f48881232af7e33eadc013e8a49f3572329538f71fa675ff69a35fca0f55625135edf779bece6184b2e1bf7ea929d4b1f6cf7

    • Score

      10/10

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive profile information.

    • Accesses 2FA software files, possible credential harvesting

MITRE ATT&CK Enterprise v6

Tasks