General

  • Target

    52f511ffb17335169a70e2fa6c7ab93a3ed971423e6e15b8202559736fb187d4

  • Size

    743KB

  • Sample

    211013-lvlpladhg3

  • MD5

    77b2ebfa769bc042e7657b011becb1e0

  • SHA1

    385dcef4e46a0f83cc6e47e13a42ad34fd1988b7

  • SHA256

    52f511ffb17335169a70e2fa6c7ab93a3ed971423e6e15b8202559736fb187d4

  • SHA512

    272412f6ddab195d4f85d97207ed3237494199673520264ab7703ef4370fb7fd766029da491b6a26b96a58f73d634e990b2488f9f90fa97a3da3bb88d294de25

Malware Config

Extracted

  • Family

    vidar

  • Version

    41.3

  • Botnet

    1008

  • C2

    https://mas.to/@oleg98

    This URL is a dead-drop resolver, not the C2 server itself: Vidar builds of this generation fetch the linked Mastodon profile page and read the real C2 address out of it.

  • Attributes

    • profile_id

      1008

Targets

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and autofill data.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software installed on the system.
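
The behaviours flagged above (browser profile reads, 2FA and wallet file access, Uninstall-key enumeration) can be turned into a small triage rule set. The following is an added example, not tria.ge code: the "<pid> <operation> <path>" event format is constructed for the example, the sample events are made up, the 2FA and wallet paths are illustrative assumptions, and the mapping of each signature to the ATT&CK v6 IDs listed in the report's matrix is this example's own.

```python
"""Behavioural triage of process activity against the signatures in the report.

Added example (not tria.ge code). Event lines are a constructed
"<pid> <operation> <path>" format; the app-specific paths are assumptions.
"""
import re
from collections import defaultdict

# (signature name, ATT&CK v6 IDs assumed for it, path regex)
RULES = [
    ("Reads user/profile data of web browsers", ("T1081", "T1005"),
     re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)),
    ("Accesses 2FA software files", ("T1081", "T1005"),
     re.compile(r"\\(Authy Desktop|WinAuth)\\", re.I)),          # assumed app paths
    ("Accesses cryptocurrency files/wallets", ("T1081", "T1005"),
     re.compile(r"\\(wallet\.dat|Electrum\\wallets\\|Exodus\\)", re.I)),  # assumed
    ("Checks installed software on the system", ("T1012", "T1082"),
     re.compile(r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I)),
]

# Constructed sample events: pid 1234 behaves like the sample, pid 4321 is benign.
EVENTS = r"""
1234 RegQueryKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
1234 ReadFile C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
1234 ReadFile C:\Users\alice\AppData\Roaming\Electrum\wallets\default_wallet
1234 ReadFile C:\Users\alice\AppData\Roaming\Authy Desktop\Local Storage\leveldb\000003.log
4321 ReadFile C:\Users\alice\Documents\report.docx
4321 RegQueryKey HKCU\Software\Microsoft\Windows\CurrentVersion\Run
"""


def parse_events(text):
    """Parse '<pid> <op> <path>' lines; paths may contain spaces."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pid, op, path = line.split(" ", 2)
        events.append((int(pid), op, path))
    return events


def triage(text):
    """Return {pid: {"signatures": set, "techniques": set}} for every pid
    that matched at least one rule."""
    hits = defaultdict(lambda: {"signatures": set(), "techniques": set()})
    for pid, _op, path in parse_events(text):
        for name, techniques, pattern in RULES:
            if pattern.search(path):
                hits[pid]["signatures"].add(name)
                hits[pid]["techniques"].update(techniques)
    return dict(hits)


def stealer_like(result):
    """Credential/wallet file access *and* installed-software enumeration from
    the same process is the combination seen in this report. Either alone is
    common in benign software (browsers, installers), so require both."""
    return "T1081" in result["techniques"] and "T1012" in result["techniques"]


if __name__ == "__main__":
    for pid, res in triage(EVENTS).items():
        verdict = "STEALER-LIKE" if stealer_like(res) else "review"
        print(pid, verdict, sorted(res["signatures"]), sorted(res["techniques"]))
```

The rule set intentionally keys on the same artefacts the sandbox signatures describe; when hunting on endpoint telemetry, the Uninstall-key read on its own will fire constantly, which is why the verdict function insists on the credential-file access as well.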

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic             Technique                     Matched signatures  ID
Credential Access  Credentials in Files          3                   T1081
Discovery          Query Registry                2                   T1012
Discovery          System Information Discovery  2                   T1082
Collection         Data from Local System        3                   T1005

Tasks