General

  • Target

    6b83e9bcd24ef0fbce4de5bd13c00128ded16edd396b38cae7b81282c371b909

  • Size

    1.5MB

  • Sample

    210927-bmqy8sfeb7

  • MD5

    b2636a5d25142f4c2d6dd77725b86668

  • SHA1

    d159a0189889d632d49926d3a7174f1e7646d080

  • SHA256

    6b83e9bcd24ef0fbce4de5bd13c00128ded16edd396b38cae7b81282c371b909

  • SHA512

    ce4ed3f295a7578438e0da1aabbabe5caea5ded83bd5f10a8ccd1f9fb93d9bde68f7417d36666aeffd36df4ba0430cc46572cf6be53b7177bccbcc7269ec6c1f

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses 2FA software files, possible credential harvesting

MITRE ATT&CK Enterprise v6

Tasks