General

  • Target

    9b87110a063ad611c3f40b1552fd576584b275eda8389a21ce04e12481deba9e

  • Size

    674KB

  • Sample

    211014-ge1flagce5

  • MD5

    ce07bd4dd9d87e19fabcdd85676ace23

  • SHA1

    cf2fc90c545af5af34f8fd56b899c51025345034

  • SHA256

    9b87110a063ad611c3f40b1552fd576584b275eda8389a21ce04e12481deba9e

  • SHA512

    ecd790303bb8af3437e891438531794b06595594ee79c91fc90fd13f71eed539fd730e72ae277af7e0926bb0131d5ac0c9f83caee6189febd1e0d7f7264af691

Malware Config

Extracted

Family

vidar

Version

41.3

Botnet

1008

C2

https://mas.to/@oleg98

Attributes
  • profile_id

    1008

Targets

    • Target

      9b87110a063ad611c3f40b1552fd576584b275eda8389a21ce04e12481deba9e

    • Size

      674KB

    • MD5

      ce07bd4dd9d87e19fabcdd85676ace23

    • SHA1

      cf2fc90c545af5af34f8fd56b899c51025345034

    • SHA256

      9b87110a063ad611c3f40b1552fd576584b275eda8389a21ce04e12481deba9e

    • SHA512

      ecd790303bb8af3437e891438531794b06595594ee79c91fc90fd13f71eed539fd730e72ae277af7e0926bb0131d5ac0c9f83caee6189febd1e0d7f7264af691

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

3
T1005

Tasks