General

  • Target

    5dcf6b7fd4c5338b59ad310d03e709fe8bd341da0a0f486b585963e727e28df9

  • Size

    725KB

  • Sample

    211015-grmp9safa2

  • MD5

    225fab509f18ac82c1164e3b4ae0d264

  • SHA1

    b1192caa3d81a8edf63145db09e7a3e839ed17bd

  • SHA256

    5dcf6b7fd4c5338b59ad310d03e709fe8bd341da0a0f486b585963e727e28df9

  • SHA512

    04b02c1a8769e14416392f0e2817eed02347c3c49c590426791ad110ae622ce4277e5d41ff6932b176ff3dd5deafc7ab35b201c502090394bbe79607bb3b7c05

Malware Config

Extracted

Family

vidar

Version

41.3

Botnet

1008

C2

https://mas.to/@oleg98

Attributes
  • profile_id

    1008

Targets

    • Target

      5dcf6b7fd4c5338b59ad310d03e709fe8bd341da0a0f486b585963e727e28df9

    • Size

      725KB

    • MD5

      225fab509f18ac82c1164e3b4ae0d264

    • SHA1

      b1192caa3d81a8edf63145db09e7a3e839ed17bd

    • SHA256

      5dcf6b7fd4c5338b59ad310d03e709fe8bd341da0a0f486b585963e727e28df9

    • SHA512

      04b02c1a8769e14416392f0e2817eed02347c3c49c590426791ad110ae622ce4277e5d41ff6932b176ff3dd5deafc7ab35b201c502090394bbe79607bb3b7c05

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

3
T1005

Tasks