General

  • Target

    edaeaa7300c48003a6005ed058070282a57009d055befce2825b721c2cb2285d

  • Size

    1.5MB

  • Sample

    210926-sbq9asfac7

  • MD5

    02272385b10915db2ae0475ea9dd7a76

  • SHA1

    cc002ba4df9a8915f0a0cd1b088a99ab0881dd79

  • SHA256

    edaeaa7300c48003a6005ed058070282a57009d055befce2825b721c2cb2285d

  • SHA512

    e201241137aa8ff3be00b86fb1b9bd81ef178264b104607ffb0116126d69caebe42ac167696827912efe16df257d37e9b5c49815f4908365e6761280ce478faa

Score
10/10

Malware Config

Targets

    • Target

      edaeaa7300c48003a6005ed058070282a57009d055befce2825b721c2cb2285d

    • Size

      1.5MB

    • MD5

      02272385b10915db2ae0475ea9dd7a76

    • SHA1

      cc002ba4df9a8915f0a0cd1b088a99ab0881dd79

    • SHA256

      edaeaa7300c48003a6005ed058070282a57009d055befce2825b721c2cb2285d

    • SHA512

      e201241137aa8ff3be00b86fb1b9bd81ef178264b104607ffb0116126d69caebe42ac167696827912efe16df257d37e9b5c49815f4908365e6761280ce478faa

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Collection

Data from Local System

2
T1005

Tasks