General

  • Target

    e4d1e1371378d447c650cb32735fb005391a1708ff27b31e247843cc6c0da3ad

  • Size

    663KB

  • Sample

    220215-fxsyssbbd8

  • MD5

    26d5c22faf0b02a47f9306759e2d581e

  • SHA1

    39271180ac974c3964b95d3e12c054c97e1d30b6

  • SHA256

    e4d1e1371378d447c650cb32735fb005391a1708ff27b31e247843cc6c0da3ad

  • SHA512

    4587a8ee8f2910d5b62bdab46b1a2871663ba24a310bd11f79cad560246b0978ce35dcff7f2141abe915f7fd1ad769515976602f20329ac1df6b4881665a16ab

Score
10/10

Malware Config

Extracted

Family

vidar

Version

47.9

Botnet

937

C2

https://mas.to/@kirpich

(Dead-drop resolver: Vidar does not beacon to mas.to. It fetches this Mastodon profile and reads the real C2 address out of the profile description, so the URL above is a fetch-and-parse indicator and the actual C2 host is not listed in this report.)

Attributes
  • profile_id

    937
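Added example, not part of the sandbox report and not Vidar's own code: a small Python helper that (a) checks a local file against the digests extracted above before anyone spends time on it, and (b) pulls C2 URL candidates out of a dead-drop profile page. The profile HTML is constructed here, the `hello|…|` marker around the URL and the address 203.0.113.10 (RFC 5737 test range) are assumptions for illustration, and the extractor matches on URLs rather than on any version-specific marker.

```python
import hashlib
import re
from html import unescape
from urllib.parse import urlparse

# Indicators copied from the report above. The sample itself is not embedded here.
REPORT = {
    "md5": "26d5c22faf0b02a47f9306759e2d581e",
    "sha1": "39271180ac974c3964b95d3e12c054c97e1d30b6",
    "sha256": "e4d1e1371378d447c650cb32735fb005391a1708ff27b31e247843cc6c0da3ad",
    "sha512": "4587a8ee8f2910d5b62bdab46b1a2871663ba24a310bd11f79cad560246b0978"
              "ce35dcff7f2141abe915f7fd1ad769515976602f20329ac1df6b4881665a16ab",
    "dead_drop": "https://mas.to/@kirpich",
}

ALGS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Compute every digest the report lists, so all four can be compared at once."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def verify_sample(data: bytes, expected: dict = REPORT) -> dict:
    """Return {alg: (expected, actual)} for each digest that does not match.

    An empty dict means the bytes are the sample this report describes.
    """
    actual = digests(data)
    return {alg: (expected[alg], actual[alg]) for alg in ALGS if actual[alg] != expected[alg]}


# Stops at quotes, angle brackets, whitespace and '|', so a URL wrapped in
# markers inside an HTML attribute is captured cleanly.
URL_RE = re.compile(r"https?://[^\s\"'<>|]+")


def extract_dead_drop_c2(page_html: str, dead_drop_url: str = REPORT["dead_drop"]) -> list:
    """Pull C2 URL candidates out of a dead-drop profile page.

    Assumption (not from the report): the operator plants the C2 address in the
    profile description, and any URL on the page that does not point back at the
    dead-drop host itself is a candidate. Marker formats vary between Vidar
    builds, so this matches on the URL and ignores the surrounding marker.
    """
    host = urlparse(dead_drop_url).hostname
    text = unescape(page_html)  # entities such as &#x2F; would otherwise break the match
    candidates = []
    for url in URL_RE.findall(text):
        h = urlparse(url).hostname
        if not h or h == host or h.endswith("." + host):
            continue  # links back to the hosting instance are not the C2
        if url not in candidates:
            candidates.append(url)
    return candidates


# Constructed profile page, loosely modelled on a Mastodon profile; not a capture.
# The 'hello|...|' marker and 203.0.113.10 are illustrative only.
SAMPLE_PROFILE = """<html><head>
<meta name="description" content="hello|http://203.0.113.10/|">
<link rel="canonical" href="https://mas.to/@kirpich">
</head><body>
<div class="account__header__bio">hello|http://203.0.113.10/|</div>
<a href="https://mas.to/about">About</a>
</body></html>"""


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            bad = verify_sample(fh.read())
        print("sample matches report" if not bad else f"MISMATCH: {bad}")
    print("C2 candidates from constructed profile:", extract_dead_drop_c2(SAMPLE_PROFILE))
```

Run it with the sample path as the first argument to confirm the digests before analysis; feed `extract_dead_drop_c2` the HTML of the real profile (fetched from an isolated analysis host, never from a production network) to recover the live C2 for blocking.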

Targets

    • Target

      e4d1e1371378d447c650cb32735fb005391a1708ff27b31e247843cc6c0da3ad

    • Size

      663KB

    • MD5

      26d5c22faf0b02a47f9306759e2d581e

    • SHA1

      39271180ac974c3964b95d3e12c054c97e1d30b6

    • SHA256

      e4d1e1371378d447c650cb32735fb005391a1708ff27b31e247843cc6c0da3ad

    • SHA512

      4587a8ee8f2910d5b62bdab46b1a2871663ba24a310bd11f79cad560246b0978ce35dcff7f2141abe915f7fd1ad769515976602f20329ac1df6b4881665a16ab

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

      A process was created through NtCreateProcessEx with an explicit parent handle (parent-PID spoofing), so the child shows up under a parent that did not actually launch it; process-tree based detections should not trust the reported parent for this sample.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry
    T1012 (1 matching signature)

  • System Information Discovery
    T1082 (1 matching signature)

Tasks