General

  • Target

    f4c14ff2a368f1aa40bbb94534239a1cc95fe94244b2a464a2f56708067e574a

  • Size

    744KB

  • Sample

    211013-hqya2sdeck

  • MD5

    483ec635976f2363771978cdb0382c8c

  • SHA1

    180cec6ae4b51a50fe4d05e273af5ae5d4a10a90

  • SHA256

    f4c14ff2a368f1aa40bbb94534239a1cc95fe94244b2a464a2f56708067e574a

  • SHA512

    87832dc437c53fb1d3763a413b4dcb9b1d1910f0439109e270b8ea1df4bc534bd36d9bb698616bd5f32aaaa65ef5b4492d310f28d373d9bdbfb1d551e691f154

Malware Config

Extracted

Family

vidar

Version

41.3

Botnet

1008

C2

https://mas.to/@oleg98

Attributes
  • profile_id

    1008

Targets

    • Target

      f4c14ff2a368f1aa40bbb94534239a1cc95fe94244b2a464a2f56708067e574a

    • Size

      744KB

    • MD5

      483ec635976f2363771978cdb0382c8c

    • SHA1

      180cec6ae4b51a50fe4d05e273af5ae5d4a10a90

    • SHA256

      f4c14ff2a368f1aa40bbb94534239a1cc95fe94244b2a464a2f56708067e574a

    • SHA512

      87832dc437c53fb1d3763a413b4dcb9b1d1910f0439109e270b8ea1df4bc534bd36d9bb698616bd5f32aaaa65ef5b4492d310f28d373d9bdbfb1d551e691f154

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

3
T1005

Tasks