fe0ef8d3c43389512c46db9c0f3fb15a6c62c4a80f8557cdaa5471b9814d432a

General

Target: fe0ef8d3c43389512c46db9c0f3fb15a6c62c4a80f8557cdaa5471b9814d432a
Size: 1MB
Sample: 210926-qw89haeggr
Score: 10/10
MD5: 7998a814f013a1801c9899b3207310b5
SHA1: 5090ce347617b54d4ca24b0d6bdf3906c7f43e28
SHA256: fe0ef8d3c43389512c46db9c0f3fb15a6c62c4a80f8557cdaa5471b9814d432a
SHA512: 1b565d4b5b4a65fdb6d394690d73567898150e3ac14fce38ca2cf125dd83563be42c10133ba1f024bf0de1f73b7a263a6ca7b906d7a51f2e9de789936f58d637

Malware Config

Targets

Target: fe0ef8d3c43389512c46db9c0f3fb15a6c62c4a80f8557cdaa5471b9814d432a (hashes, size and score as listed under General above)

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Vidar
    Description: Vidar is an infostealer based on Arkei stealer.

  • Vidar Stealer

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Accesses 2FA software files, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

Tasks

static1
behavioral1

Score: 10/10