General
-
Target
b91df3382fb792927b7a43f595102a68
-
Size
738KB
-
Sample
220114-e8ae6aece4
-
MD5
b91df3382fb792927b7a43f595102a68
-
SHA1
98fc7fd55800a296405da0c4dcfb4aabba017566
-
SHA256
48c7a0f90aeb87e9ba5feb08b5bedbcb70aacf2632636f71a62e2ffdd551ec98
-
SHA512
900f10fcb648cfc565c3b0a9ccd1f934180a7706cdad3255f2add66395085df53b0158848f04dcb1ad17fd664b83062e5889f2b95d7fd7f842365c649fa725d4
Malware Config
Extracted
vidar
49.6
565
https://noc.social/@banda5ker
https://mastodon.social/@banda6ker
-
profile_id
565
Targets
-
-
Target
b91df3382fb792927b7a43f595102a68
-
Size
738KB
-
MD5
b91df3382fb792927b7a43f595102a68
-
SHA1
98fc7fd55800a296405da0c4dcfb4aabba017566
-
SHA256
48c7a0f90aeb87e9ba5feb08b5bedbcb70aacf2632636f71a62e2ffdd551ec98
-
SHA512
900f10fcb648cfc565c3b0a9ccd1f934180a7706cdad3255f2add66395085df53b0158848f04dcb1ad17fd664b83062e5889f2b95d7fd7f842365c649fa725d4
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar Stealer
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-