General
-
Target
d079d78151b3a1cfd37b85a2da578363c86e469730f0997cb3a9e205d8e4e5b9
-
Size
636KB
-
Sample
211012-r1wdwacdgl
-
MD5
67b9e0eacca68c216330a06174027be5
-
SHA1
29b1f21595303af9ebd10953be74e0c524fcf799
-
SHA256
d079d78151b3a1cfd37b85a2da578363c86e469730f0997cb3a9e205d8e4e5b9
-
SHA512
2eb63efd7e90269093f2ed09221d3d939a3af87537b86c68e6e308cd9b5ae19c7a8de1683d47a52e459b23229e9ad5c45a5b0a8e03b6a081ba982af13d9a4690
Malware Config
Extracted
vidar
41.3
1008
https://mas.to/@oleg98
-
profile_id
1008
Targets
-
-
Target
d079d78151b3a1cfd37b85a2da578363c86e469730f0997cb3a9e205d8e4e5b9
-
Size
636KB
-
MD5
67b9e0eacca68c216330a06174027be5
-
SHA1
29b1f21595303af9ebd10953be74e0c524fcf799
-
SHA256
d079d78151b3a1cfd37b85a2da578363c86e469730f0997cb3a9e205d8e4e5b9
-
SHA512
2eb63efd7e90269093f2ed09221d3d939a3af87537b86c68e6e308cd9b5ae19c7a8de1683d47a52e459b23229e9ad5c45a5b0a8e03b6a081ba982af13d9a4690
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Vidar Stealer
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-