General

  • Target: 52e52d784b2dbfd6cbf10f7ef2316608ef7b6f178b62a69d98ed4d5df2f740ae
  • Size: 727KB
  • Sample: 211016-jv1gmsbge3
  • MD5: 4b2f1a64f8f8622f88296ea1d673acae
  • SHA1: 8e9be0d1bf7bfd33c6ad000d4777926098072165
  • SHA256: 52e52d784b2dbfd6cbf10f7ef2316608ef7b6f178b62a69d98ed4d5df2f740ae
  • SHA512: 925014019049bce2896ac9ca789515e492df7cd3e3499075416e5961130c9753eef068b2b68abb978af2cef0c0166afcdfb9d6b6fff686a7bd830f30e4543cf4

Malware Config

Extracted

  • Family: vidar
  • Version: 41.4
  • Botnet: 1008
  • C2: https://mas.to/@sslam
  • Attributes
      profile_id: 1008

The extracted C2 value is a Mastodon profile URL, not a panel endpoint. Vidar builds of this generation use social-media profiles as dead-drop resolvers: the sample fetches the profile and reads its real C2 address out of the profile bio, and the operator can rotate that address without touching the binary. The indicator to block or hunt for is therefore the address retrieved from the profile at the time of analysis, together with the profile URL itself.
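To make the dead-drop step concrete, the following is an added example (not part of the sandbox report and not Vidar's own code) that turns the extracted profile URL into the instance's account-lookup request and pulls candidate C2 URLs out of the profile bio and profile fields. The `/api/v1/accounts/lookup?acct=` endpoint is the public Mastodon API and is assumed to be enabled on the instance; the account JSON and the addresses in it are constructed placeholders (RFC 5737 documentation ranges), not observed infrastructure.

```python
"""Resolve candidate C2 addresses behind a Vidar dead-drop profile (added example)."""
import json
import re
from urllib.parse import urlparse

# Constructed sample of what the account-lookup API returns for a profile whose
# bio ("note") and profile fields carry C2 addresses. Addresses are placeholders.
SAMPLE_ACCOUNT_JSON = json.dumps({
    "username": "sslam",
    "acct": "sslam",
    "note": "<p>hello world http://203.0.113.45/ | https://198.51.100.7:8443/</p>",
    "fields": [
        {"name": "site", "value": "<a href=\"http://192.0.2.10\">192.0.2.10</a>"},
    ],
})

# scheme://host[:port][/path], stopping at whitespace, HTML tags, quotes or the
# '|' delimiter that some bios use to separate several addresses.
URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+(?::\d{1,5})?(?:/[^\s<\"'|]*)?")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def lookup_api_url(profile_url: str) -> str:
    """Map https://mas.to/@sslam to that instance's account-lookup endpoint (assumed API)."""
    parts = urlparse(profile_url)
    handle = parts.path.strip("/")
    if parts.scheme not in ("http", "https") or not handle.startswith("@"):
        raise ValueError(f"not a Mastodon profile URL: {profile_url}")
    return f"{parts.scheme}://{parts.netloc}/api/v1/accounts/lookup?acct={handle[1:]}"


def extract_c2_candidates(account_json: str) -> list[str]:
    """Collect every URL in the bio and profile fields, de-duplicated, in document order."""
    acct = json.loads(account_json)
    blobs = [acct.get("note", "")] + [f.get("value", "") for f in acct.get("fields", [])]
    found: list[str] = []
    for blob in blobs:
        # Run on the raw HTML so URLs inside href="..." are seen as well as visible text.
        for url in URL_RE.findall(blob):
            url = url.rstrip("/")
            if url not in found:
                found.append(url)
    return found


def bare_ip_hosts(urls: list[str]) -> list[str]:
    """Vidar panels are usually addressed by bare IPv4; return those hosts for blocklisting."""
    hosts = []
    for url in urls:
        host = urlparse(url).hostname or ""
        if IPV4_RE.match(host) and host not in hosts:
            hosts.append(host)
    return hosts


if __name__ == "__main__":
    print(lookup_api_url("https://mas.to/@sslam"))
    candidates = extract_c2_candidates(SAMPLE_ACCOUNT_JSON)
    print("candidate C2 URLs:", candidates)
    print("bare IP hosts:", bare_ip_hosts(candidates))
```

Against a live instance, issue the lookup request only from an isolated analysis host, and record the retrieved address with a timestamp: because the bio is operator-controlled, the value can differ from what the sandbox saw when this report was generated.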

Targets

    • Target

      52e52d784b2dbfd6cbf10f7ef2316608ef7b6f178b62a69d98ed4d5df2f740ae (same file as listed under General; size and hashes as given there)

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers target stored browser profile data, which includes saved credentials, cookies, autofill entries and browsing history.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081), 3 hits
  • Discovery: Query Registry (T1012), 2 hits
  • Discovery: System Information Discovery (T1082), 2 hits
  • Collection: Data from Local System (T1005), 3 hits

Technique IDs follow ATT&CK v6. T1081 has since been retired; in current ATT&CK versions the same behaviour maps to T1552.001 (Unsecured Credentials: Credentials In Files).
