General

  • Target

    80dd750a591bb59a1d18e653d1039e2026dd39a04278798ff7fd726794e6c116

  • Size

    656KB

  • Sample

    210926-q6xnfsehf4

  • MD5

    0592799e8f216eb47be725ca14236d27

  • SHA1

    a4cdc0a9fc63ef9dec3a4ca6989e46a441f81cc3

  • SHA256

    80dd750a591bb59a1d18e653d1039e2026dd39a04278798ff7fd726794e6c116

  • SHA512

    8aba129d32b19fe6c08dab9aa1170517c998bc05e41a282ec2783459662f0bf30c179e8d7c6cdd458ef231515e941ed0b49b098033d0cc32f9ff791daefb6c32

Malware Config

Targets

    • Target

      80dd750a591bb59a1d18e653d1039e2026dd39a04278798ff7fd726794e6c116

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, autofill entries and browsing history.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall registry key to enumerate the software installed on the system.
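The signatures above are the kind of behaviour a sandbox derives from file and registry activity. As an added example (not part of this report and not the stealer's own code), the Python below scans a Procmon-style CSV export for the same five behaviours and maps them to the ATT&CK v6 technique IDs the report's matrix uses. The log lines are constructed for the example; the concrete paths it looks for (Chrome `Login Data`, Firefox `logins.json`, the Authy Desktop `Local Storage` folder, Electrum/Exodus/Bitcoin wallet files) are assumptions about what an infostealer touches, not values taken from this report.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed Procmon-style export (Process Name,Operation,Path,Result).
# These lines are made up for the example; they are not from the report.
SAMPLE_LOG = r"""Process Name,Operation,Path,Result
sample.exe,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
sample.exe,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
sample.exe,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName,SUCCESS
sample.exe,CreateFile,C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data,SUCCESS
sample.exe,ReadFile,C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data,SUCCESS
sample.exe,ReadFile,C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\abcd.default\logins.json,SUCCESS
sample.exe,ReadFile,C:\Users\bob\AppData\Roaming\Authy Desktop\Local Storage\leveldb\000003.log,SUCCESS
sample.exe,ReadFile,C:\Users\bob\AppData\Roaming\Electrum\wallets\default_wallet,SUCCESS
sample.exe,CreateFile,C:\Users\bob\AppData\Roaming\Bitcoin\wallet.dat,NAME NOT FOUND
sample.exe,WriteFile,C:\ProgramData\vcruntime140.dll,SUCCESS
sample.exe,Load Image,C:\ProgramData\vcruntime140.dll,SUCCESS
explorer.exe,Load Image,C:\Windows\System32\shell32.dll,SUCCESS
"""

FILE_OPS = {"CreateFile", "ReadFile"}
REG_OPS = {"RegOpenKey", "RegEnumKey", "RegQueryValue", "RegEnumValue"}

# (signature name as in the report, ATT&CK v6 technique IDs, operations, path pattern).
# The file paths are assumptions about what the stealer touches, not from this report.
SIGNATURES = [
    ("Reads user/profile data of web browsers", ("T1081", "T1005"), FILE_OPS,
     re.compile(r"\\(Login Data|Cookies|Web Data|History|logins\.json|key4\.db)$", re.I)),
    ("Accesses 2FA software files", ("T1081", "T1005"), FILE_OPS,
     re.compile(r"\\Authy Desktop\\Local Storage\\", re.I)),
    ("Accesses cryptocurrency files/wallets", ("T1081", "T1005"), FILE_OPS,
     re.compile(r"\\(wallet\.dat$|Electrum\\wallets\\|Exodus\\exodus\.wallet\\|Ethereum\\keystore\\)", re.I)),
    ("Checks installed software on the system", ("T1012", "T1082"), REG_OPS,
     re.compile(r"^HKLM\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
]
DROPPED_DLL = "Loads dropped DLL"  # stateful check below; the report's matrix maps it to no technique


def scan(log_text):
    """Return {process: {signature: sorted paths}} for every signature that fired."""
    hits = defaultdict(lambda: defaultdict(set))
    written = defaultdict(set)  # per-process paths the process itself wrote
    for row in csv.DictReader(io.StringIO(log_text)):
        proc, op, path = row["Process Name"], row["Operation"], row["Path"]
        # Failed opens (NAME NOT FOUND) still count: probing for a wallet that
        # does not exist is evidence of intent, which is what triage cares about.
        for name, _, ops, pattern in SIGNATURES:
            if op in ops and pattern.search(path):
                hits[proc][name].add(path)
        # "Loads dropped DLL": the image loaded was written earlier by the same process.
        if op == "WriteFile":
            written[proc].add(path.lower())
        elif op == "Load Image" and path.lower().endswith(".dll") and path.lower() in written[proc]:
            hits[proc][DROPPED_DLL].add(path)
    return {p: {n: sorted(v) for n, v in sigs.items()} for p, sigs in hits.items()}


def attack_techniques(process_hits):
    """Map fired signatures to the ATT&CK v6 technique IDs the report's matrix uses."""
    ids = set()
    for name, techniques, _, _ in SIGNATURES:
        if name in process_hits:
            ids.update(techniques)
    return sorted(ids)


if __name__ == "__main__":
    for proc, sigs in scan(SAMPLE_LOG).items():
        print(proc, attack_techniques(sigs))
        for name, paths in sigs.items():
            print(f"  {name}: {len(paths)} path(s)")
```

Run against the constructed log, `sample.exe` fires all five signatures and maps to T1005, T1012, T1081 and T1082, the same four IDs the matrix in this report lists, while `explorer.exe` loading a system DLL it never wrote stays clean. The dropped-DLL check is deliberately stateful (write first, then load) so that a legitimate library load from `System32` does not trip it.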

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                      Matches   ID
  Credential Access   Credentials in Files           3         T1081
  Discovery           Query Registry                 2         T1012
  Discovery           System Information Discovery   2         T1082
  Collection          Data from Local System         3         T1005