General

  • Target

    6ae57b4ec34d41622265377788813ace084ef163b4a06602c8ed30925ac25158

  • Size

    727KB

  • Sample

    211016-ee9yxscecj

  • MD5

    7c7a3d40efa697d3be43b11c669ac966

  • SHA1

    4a01a0f579ce63bc57c7c0a261a23a3ca6f423b6

  • SHA256

    6ae57b4ec34d41622265377788813ace084ef163b4a06602c8ed30925ac25158

  • SHA512

    335b85ed69bf669635152ae56423292d7f6acd061b76e473a62764dd99ed8c28c8a506aa1fbda5353e7e2f34a9f52a44125306cdf397f9a00a14d0c68f2d432d

Malware Config

Extracted

Family

vidar

Version

41.4

Botnet

1008

C2

https://mas.to/@sslam

Attributes
  • profile_id

    1008

Targets

    • Target

      6ae57b4ec34d41622265377788813ace084ef163b4a06602c8ed30925ac25158

    • Size

      727KB

    • MD5

      7c7a3d40efa697d3be43b11c669ac966

    • SHA1

      4a01a0f579ce63bc57c7c0a261a23a3ca6f423b6

    • SHA256

      6ae57b4ec34d41622265377788813ace084ef163b4a06602c8ed30925ac25158

    • SHA512

      335b85ed69bf669635152ae56423292d7f6acd061b76e473a62764dd99ed8c28c8a506aa1fbda5353e7e2f34a9f52a44125306cdf397f9a00a14d0c68f2d432d

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

      suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

    • suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

      suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

    • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

      suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

3
T1005

Tasks