9b87110a063ad611c3f40b1552fd576584b275eda8389a21ce04e12481deba9e

General
Target

9b87110a063ad611c3f40b1552fd576584b275eda8389a21ce04e12481deba9e

Size

674KB

Sample

211014-ge1flagce5

Score
10 /10
MD5

ce07bd4dd9d87e19fabcdd85676ace23

SHA1

cf2fc90c545af5af34f8fd56b899c51025345034

SHA256

9b87110a063ad611c3f40b1552fd576584b275eda8389a21ce04e12481deba9e

SHA512

ecd790303bb8af3437e891438531794b06595594ee79c91fc90fd13f71eed539fd730e72ae277af7e0926bb0131d5ac0c9f83caee6189febd1e0d7f7264af691

Malware Config

Extracted

Family vidar
Version 41.3
Botnet 1008
C2

https://mas.to/@oleg98

Attributes
profile_id
1008
Targets
Target

9b87110a063ad611c3f40b1552fd576584b275eda8389a21ce04e12481deba9e

MD5

ce07bd4dd9d87e19fabcdd85676ace23

Filesize

674KB

Score
10 /10
SHA1

cf2fc90c545af5af34f8fd56b899c51025345034

SHA256

9b87110a063ad611c3f40b1552fd576584b275eda8389a21ce04e12481deba9e

SHA512

ecd790303bb8af3437e891438531794b06595594ee79c91fc90fd13f71eed539fd730e72ae277af7e0926bb0131d5ac0c9f83caee6189febd1e0d7f7264af691

Tags

Signatures

  • Vidar

    Description

    Vidar is an infostealer based on Arkei stealer.

    Tags

  • Vidar Stealer

    Tags

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Accesses 2FA software files, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation
                    Tasks

                    static1