General

  • Target

    447a7b1d2e4b9de2b88753c04b5f4165f02d68c8771d01c34d9c9cde284f3270

  • Size

    1MB

  • Sample

    210926-r62g3sfab3

  • MD5

    ca80c5c31673ad58a561bcc3fde45295

  • SHA1

    925bd635607def8a33234e35112065a0bd86156f

  • SHA256

    447a7b1d2e4b9de2b88753c04b5f4165f02d68c8771d01c34d9c9cde284f3270

  • SHA512

    c37c1e5e860a3932f17e593d2092db33c329a5cc390805b51289fa625da751d2051afa1a559e287258ac4b88022e4b656121362e790c9c074b5dfaf51ead7b6d

Score
10/10

Malware Config

Targets

    • Target

      447a7b1d2e4b9de2b88753c04b5f4165f02d68c8771d01c34d9c9cde284f3270

    • Size

      1MB

    • MD5

      ca80c5c31673ad58a561bcc3fde45295

    • SHA1

      925bd635607def8a33234e35112065a0bd86156f

    • SHA256

      447a7b1d2e4b9de2b88753c04b5f4165f02d68c8771d01c34d9c9cde284f3270

    • SHA512

      c37c1e5e860a3932f17e593d2092db33c329a5cc390805b51289fa625da751d2051afa1a559e287258ac4b88022e4b656121362e790c9c074b5dfaf51ead7b6d

    Score
    10/10

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses 2FA software files, possible credential harvesting

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081), count: 2

  • Collection

    Data from Local System (T1005), count: 2

Tasks