General

  • Target

    64d404fab6f1d42f4efefcfc2906612645e4719aa5688d57766b1649d2e055ff

  • Size

    1.5MB

  • Sample

    210926-q4vq3seghl

  • MD5

    43f47626b7350842687e7eb222895555

  • SHA1

    d98e4d09deadf6fac2bed2ecd515a48435f13569

  • SHA256

    64d404fab6f1d42f4efefcfc2906612645e4719aa5688d57766b1649d2e055ff

  • SHA512

    e5699aa34d41295ef936f258ef8a1eade7cfde302823a3f33f93f7ae602dd964fb637c09613f314b5a9f01bddc7d96a8467322af4e84e39ac588e2c60106539c

Score
10/10

Malware Config

Targets

    • Target

      64d404fab6f1d42f4efefcfc2906612645e4719aa5688d57766b1649d2e055ff

    • Size

      1.5MB

    • MD5

      43f47626b7350842687e7eb222895555

    • SHA1

      d98e4d09deadf6fac2bed2ecd515a48435f13569

    • SHA256

      64d404fab6f1d42f4efefcfc2906612645e4719aa5688d57766b1649d2e055ff

    • SHA512

      e5699aa34d41295ef936f258ef8a1eade7cfde302823a3f33f93f7ae602dd964fb637c09613f314b5a9f01bddc7d96a8467322af4e84e39ac588e2c60106539c

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Collection

Data from Local System

2
T1005

Tasks