General
-
Target
f834738127238a52e91b35ee95ce880413957710c2381bc741003821690192e8
-
Size
2.2MB
-
Sample
211117-ncq8gaggfp
-
MD5
3e2a66c674f18aa892ec7a9883164596
-
SHA1
94a37bce5329b88a8e79f9006769b3d873741eae
-
SHA256
f834738127238a52e91b35ee95ce880413957710c2381bc741003821690192e8
-
SHA512
bc6adaa118cca8dd53e398bcdabeda7b743fb555d19fc1e5a2e5df1707a0ca909e1d22595328902eca7aafe53f366a6b64d4c8d8da8a30a9c42d2db9fb66b438
Malware Config
Extracted
vidar
48.6
869
https://mastodon.online/@valhalla
https://koyu.space/@valhalla
-
profile_id
869
Targets
-
-
Target
f834738127238a52e91b35ee95ce880413957710c2381bc741003821690192e8
-
Size
2.2MB
-
MD5
3e2a66c674f18aa892ec7a9883164596
-
SHA1
94a37bce5329b88a8e79f9006769b3d873741eae
-
SHA256
f834738127238a52e91b35ee95ce880413957710c2381bc741003821690192e8
-
SHA512
bc6adaa118cca8dd53e398bcdabeda7b743fb555d19fc1e5a2e5df1707a0ca909e1d22595328902eca7aafe53f366a6b64d4c8d8da8a30a9c42d2db9fb66b438
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
Vidar Stealer
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-