def4055093a8c99192cfd87e5dc5ead65ade8b59782aa7cd0044ef9fad8eb496

General

Target: def4055093a8c99192cfd87e5dc5ead65ade8b59782aa7cd0044ef9fad8eb496
Size: 1MB
Sample: 210926-qs6dfaeggq
Score: 10/10
MD5: fa0fc4e438328d168f869cf58bbd671f
SHA1: 6f4f2a7b8e5c8cb7e01c81cfa80c400cfc1c8210
SHA256: def4055093a8c99192cfd87e5dc5ead65ade8b59782aa7cd0044ef9fad8eb496
SHA512: be5cee43ad9a624c51b8e45d27f0c5ad4007dc1f2a7aa38792ab913898fe305150bc5578454ded9a98b9ec2cafa0ec23eae08b396cbf4cc8483d1f2687837298

Malware Config
Targets
Target: def4055093a8c99192cfd87e5dc5ead65ade8b59782aa7cd0044ef9fad8eb496 (same sample as in the General section above; MD5, SHA1, SHA256, SHA512, filesize and score are identical)

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Vidar
    Description: Vidar is an infostealer based on Arkei stealer.

  • Vidar Stealer

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Accesses 2FA software files, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

MITRE ATT&CK Matrix (tactic columns): Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1

10/10