882474e35ffa66481e4542ab40df68743086d46744a74c7fadf69135a9564346

General
Target

882474e35ffa66481e4542ab40df68743086d46744a74c7fadf69135a9564346

Size

2MB

Sample

211125-t5mnmsbbc9

Score
10 /10
MD5

e69797b794aabfb8bf7e71798e576d68

SHA1

41fd0fe5ab3cd3d6c75073afc548282337fccd49

SHA256

882474e35ffa66481e4542ab40df68743086d46744a74c7fadf69135a9564346

SHA512

1538482c0fb05ad94c0f5bd32658cd0f0d9264926064d631025de83abdae14d651b27cfcb4e785d70e06b2f99c527f48a84ea97790036c88593f2d94817d3a70

Malware Config

Extracted

Family vidar
Version 48.7
Botnet 869
C2

https://mstdn.social/@anapa

https://mastodon.social/@mniami

Attributes
profile_id
869
Targets
Target

882474e35ffa66481e4542ab40df68743086d46744a74c7fadf69135a9564346

MD5

e69797b794aabfb8bf7e71798e576d68

Filesize

2MB

Score
10/10
SHA1

41fd0fe5ab3cd3d6c75073afc548282337fccd49

SHA256

882474e35ffa66481e4542ab40df68743086d46744a74c7fadf69135a9564346

SHA512

1538482c0fb05ad94c0f5bd32658cd0f0d9264926064d631025de83abdae14d651b27cfcb4e785d70e06b2f99c527f48a84ea97790036c88593f2d94817d3a70

Tags

Signatures

  • Vidar

    Description

    Vidar is an infostealer based on Arkei stealer.

    Tags

  • Vidar Stealer

    Tags

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Accesses 2FA software files, possible credential harvesting

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation
                    Tasks

                    static1