General
-
Target
eufive_20211108-153742
-
Size
688KB
-
Sample
211108-sg1d6acce6
-
MD5
df5c929a24f6a713080eaa12c53c7695
-
SHA1
722100ba883007eba928a291557c6a4a286e5adb
-
SHA256
8a72cc0aa68a3a35324493ae1a5b30f134fe3359a21d02cc7da268354f115af8
-
SHA512
8fc31496b9c1b496afe13e2b564b9ae810423d11b106f2c4e44fce6ff0f536d54fb0a8dbfc192ba9f6215638ee4e23623c2a832c0be5ed9bbe84cc4f42193e37
Malware Config
Extracted
vidar
48
824
-
profile_id
824
Targets
-
-
Target
eufive_20211108-153742
-
Size
688KB
-
MD5
df5c929a24f6a713080eaa12c53c7695
-
SHA1
722100ba883007eba928a291557c6a4a286e5adb
-
SHA256
8a72cc0aa68a3a35324493ae1a5b30f134fe3359a21d02cc7da268354f115af8
-
SHA512
8fc31496b9c1b496afe13e2b564b9ae810423d11b106f2c4e44fce6ff0f536d54fb0a8dbfc192ba9f6215638ee4e23623c2a832c0be5ed9bbe84cc4f42193e37
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar Stealer
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-