General

  • Target

    af5636b06f70edbdcbdc5ab4295b1f5946ddd46f1ca4c411347fe47cfe54dd6a

  • Size

    667KB

  • Sample

    211014-n1f3eaacan

  • MD5

    5fec596842af6b979cbaf31798895f21

  • SHA1

    b63e7a083754245b3206ab3c90a2999531f3ebcf

  • SHA256

    af5636b06f70edbdcbdc5ab4295b1f5946ddd46f1ca4c411347fe47cfe54dd6a

  • SHA512

    1549aba765a4ee9cdb7ad16531dbfbff02e93b09d7a9188de846c1a8649967e4bb6fd17028873ffa988fd19237b3a31876138ff73bf4cb01b82b4b0be0e448d8

Malware Config

Extracted

Family

vidar

Version

41.3

Botnet

1008

C2

https://mas.to/@oleg98

Attributes
  • profile_id

    1008

Targets

    • Target

      af5636b06f70edbdcbdc5ab4295b1f5946ddd46f1ca4c411347fe47cfe54dd6a

    • Size

      667KB

    • MD5

      5fec596842af6b979cbaf31798895f21

    • SHA1

      b63e7a083754245b3206ab3c90a2999531f3ebcf

    • SHA256

      af5636b06f70edbdcbdc5ab4295b1f5946ddd46f1ca4c411347fe47cfe54dd6a

    • SHA512

      1549aba765a4ee9cdb7ad16531dbfbff02e93b09d7a9188de846c1a8649967e4bb6fd17028873ffa988fd19237b3a31876138ff73bf4cb01b82b4b0be0e448d8

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

      suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

    • suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

      suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

    • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

      suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

3
T1005

Tasks