53449e22939579a701947875e7981805476ec97329772a943a4749e298aae9db

General

Target: 53449e22939579a701947875e7981805476ec97329772a943a4749e298aae9db
Size: 1MB
Sample: 210926-raphmseghr
Score: 10/10
MD5: 51adf944c1e83c96f703d3b667a8e910
SHA1: caf938de51387dcdf6f8aa5113547b2421de690f
SHA256: 53449e22939579a701947875e7981805476ec97329772a943a4749e298aae9db
SHA512: 7d4f8d601f674b28f787f4b21542bd26ce0e59bdace6e19a1849f9f17d88dbe40357f3fe801c9ade92eef0bd65d7e20e2dc13a9cdebcac2f7d66a63719471406
Malware Config
Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess

    Description

    A process was created through NtCreateProcessEx with a parent other than the calling process. Reparenting of this kind is the mechanism behind parent-PID spoofing: tools and analysts that trust the recorded parent see a false process lineage.

  • Vidar

    Description

    Vidar is an infostealer based on Arkei stealer.

  • Vidar Stealer

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    TTPs

    Data from Local System (T1005), Credentials in Files (T1552.001)

  • Accesses 2FA software files, possible credential harvesting

    TTPs

    Data from Local System (T1005), Credentials in Files (T1552.001)
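The last two signatures above both come down to a non-browser process reading well-known credential stores. The following is an added example of that detection logic, written for this report and not Triage's own signature code. It assumes file-read telemetry in the form of one record per access with the reading process image and the file path (EDR or object-access auditing style; Sysmon by itself does not log reads), and the profile paths it matches are representative assumptions, not an exhaustive list. The sample events are constructed.

```python
"""Detection logic for 'Reads user/profile data of web browsers' and
'Accesses 2FA software files'. Added example; not Triage's signature code.
Telemetry shape (assumed): {"image": <reading process>, "path": <file read>}."""
import re
from collections import defaultdict

# Browsers legitimately read their own profiles; any other process doing so
# is the behaviour the signature is after.
BROWSER_EXES = {"chrome.exe", "msedge.exe", "brave.exe", "chromium.exe", "firefox.exe"}

SIG_BROWSER = "Reads user/profile data of web browsers"
SIG_2FA = "Accesses 2FA software files, possible credential harvesting"

# Assumed path patterns (representative, not exhaustive). Chromium-family
# browsers keep logins in 'Login Data' and the DPAPI-wrapped key in
# 'Local State'; Firefox keeps logins.json decryptable with key4.db.
SIGNATURES = {
    SIG_BROWSER: [
        re.compile(r"\\(google\\chrome|microsoft\\edge|bravesoftware\\brave-browser|chromium)"
                   r"\\user data\\(.*\\)?(login data|cookies|web data|local state)$", re.I),
        re.compile(r"\\mozilla\\firefox\\profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$", re.I),
    ],
    SIG_2FA: [
        re.compile(r"\\winauth\\winauth\.xml$", re.I),                   # WinAuth store (assumed path)
        re.compile(r"\\authy desktop\\local storage\\leveldb\\", re.I),  # Authy Desktop store (assumed path)
    ],
}


def classify(event):
    """Return the set of signature names a single file-read event matches."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    hits = set()
    for name, patterns in SIGNATURES.items():
        if not any(p.search(event["path"]) for p in patterns):
            continue
        if name == SIG_BROWSER and image in BROWSER_EXES:
            continue  # a browser reading its own profile is normal
        hits.add(name)
    return hits


def scan(events):
    """Group matches by reading process: {image: {signature: [paths]}}."""
    report = defaultdict(lambda: defaultdict(list))
    for ev in events:
        for sig in classify(ev):
            report[ev["image"]][sig].append(ev["path"])
    return {img: dict(sigs) for img, sigs in report.items()}


# Constructed sample telemetry: a dropped binary sweeping credential stores,
# plus two benign reads that must not fire.
STEALER = r"C:\Users\victim\AppData\Local\Temp\update.exe"
SAMPLE_EVENTS = [
    {"image": STEALER, "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": STEALER, "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Local State"},
    {"image": STEALER, "path": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\logins.json"},
    {"image": STEALER, "path": r"C:\Users\victim\AppData\Roaming\WinAuth\winauth.xml"},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": r"C:\Windows\System32\notepad.exe", "path": r"C:\Users\victim\Documents\notes.txt"},
]

if __name__ == "__main__":
    for image, sigs in scan(SAMPLE_EVENTS).items():
        print(image)
        for sig, paths in sigs.items():
            print(f"  [{sig}]")
            for p in paths:
                print(f"    {p}")
```

The browser allowlist is keyed on the image name only; in production you would also check the image path and signer, since a stealer can name itself chrome.exe. The 2FA match carries no allowlist because there is rarely a legitimate reader of those files other than the 2FA application itself, which you would add the same way.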

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1

10/10