General
-
Target
309acd18ec9dcb314bb6ef3b7cd55bb2b1680d97af9eaa0ff0af361378dc17e8
-
Size
593KB
-
Sample
210926-wexf9sfbam
-
MD5
daa64c31e0fa27f36a1b7d9672997589
-
SHA1
492e4403628d90f1dff84e91b48163e78e8490d3
-
SHA256
309acd18ec9dcb314bb6ef3b7cd55bb2b1680d97af9eaa0ff0af361378dc17e8
-
SHA512
0522cf840e96b2497b2ee8bf4017936fb0f6191217cc22a2b444614d1249b66dfd31f3b042551f90987de8002d8f851bc0fe5119fb9b2b600f6069b6adb2e23d
Malware Config
Targets
-
-
Target
309acd18ec9dcb314bb6ef3b7cd55bb2b1680d97af9eaa0ff0af361378dc17e8
-
Size
593KB
-
MD5
daa64c31e0fa27f36a1b7d9672997589
-
SHA1
492e4403628d90f1dff84e91b48163e78e8490d3
-
SHA256
309acd18ec9dcb314bb6ef3b7cd55bb2b1680d97af9eaa0ff0af361378dc17e8
-
SHA512
0522cf840e96b2497b2ee8bf4017936fb0f6191217cc22a2b444614d1249b66dfd31f3b042551f90987de8002d8f851bc0fe5119fb9b2b600f6069b6adb2e23d
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Vidar Stealer
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-