General

  • Target

    f69a9cd55b6d88040a40f092ae962eccad79c773afb156eeec5919fd11ca7174

  • Size

    772KB

  • Sample

    220215-favh4sagg7

  • MD5

    9e8388274066861ecf159c212e153ec1

  • SHA1

    6ba52b3cca249625bce6de2fdf98002b7f476cde

  • SHA256

    f69a9cd55b6d88040a40f092ae962eccad79c773afb156eeec5919fd11ca7174

  • SHA512

    33a2a84cde6543aa464f4439d7db57e7debe6c87b7537b2b349da843b015b99cbd1d5dc70b347a6e8fcfa000652669cabc2e539748a5e127fdea72673915618c

Score
10/10

Malware Config

Extracted

Family

vidar

Version

47.9

Botnet

937

C2

https://mas.to/@kirpich

Attributes
  • profile_id

    937

Targets

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082
