General
-
Target
72b88baaca7dea6b02f0dee9b75c994f0d5d7c134fd90a663fc585b35821ad17
-
Size
1.5MB
-
Sample
210926-s96rmsfaaq
-
MD5
fe9b6a18c87a508fd07459847e553170
-
SHA1
a5f4f9acb73d742b254f2dffad83394249c755b6
-
SHA256
72b88baaca7dea6b02f0dee9b75c994f0d5d7c134fd90a663fc585b35821ad17
-
SHA512
8692b320c57dbd8cf60bfab9ff3a8d3a75f37a1e84d5a782247520f132ec6afe0d2575fdb91db2916d1aa654008977393b759b2b7a36585a316fa23479176450
Malware Config
Targets
-
-
Target
72b88baaca7dea6b02f0dee9b75c994f0d5d7c134fd90a663fc585b35821ad17
-
Size
1.5MB
-
MD5
fe9b6a18c87a508fd07459847e553170
-
SHA1
a5f4f9acb73d742b254f2dffad83394249c755b6
-
SHA256
72b88baaca7dea6b02f0dee9b75c994f0d5d7c134fd90a663fc585b35821ad17
-
SHA512
8692b320c57dbd8cf60bfab9ff3a8d3a75f37a1e84d5a782247520f132ec6afe0d2575fdb91db2916d1aa654008977393b759b2b7a36585a316fa23479176450
Score10/10-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar Stealer
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-