General
-
Target
eufive_20211227-092632
-
Size
765KB
-
Sample
211227-les4qsbadp
-
MD5
b750620da53c5c24faf440f74af0dc6e
-
SHA1
3f5f63d9019070e91b80dfd6f67fd54e0e8657c4
-
SHA256
733bcce9cbb0ebe6df9221af81224be387642e58edcb21fbf71a50fbca55127c
-
SHA512
3e9f23131351c8333a6267974fca349560518b65c57579b205047f82e5a69ecce78736aa99d8d32f1c6303e9b91642f450eee8fba734d0e98c3b729ad74fd9b9
Malware Config
Extracted
vidar
49.2
818
https://mstdn.social/@kipriauk9
https://qoto.org/@kipriauk8
-
profile_id
818
Targets
-
-
Target
eufive_20211227-092632
-
Size
765KB
-
MD5
b750620da53c5c24faf440f74af0dc6e
-
SHA1
3f5f63d9019070e91b80dfd6f67fd54e0e8657c4
-
SHA256
733bcce9cbb0ebe6df9221af81224be387642e58edcb21fbf71a50fbca55127c
-
SHA512
3e9f23131351c8333a6267974fca349560518b65c57579b205047f82e5a69ecce78736aa99d8d32f1c6303e9b91642f450eee8fba734d0e98c3b729ad74fd9b9
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-