d5c55582392771d747e99d748d3060c99d329ff826da768c9c0a8b975b739bcb

General

Target: d5c55582392771d747e99d748d3060c99d329ff826da768c9c0a8b975b739bcb
Size: 629KB
Sample: 220215-ggbv1sbde6
Score: 10/10
MD5: c611ab25cb2f384c7349a90c3706c0a9
SHA1: 3abeb6a762c580a485faff32f3e5d1b1af21bc4d
SHA256: d5c55582392771d747e99d748d3060c99d329ff826da768c9c0a8b975b739bcb
SHA512: d483c084e09f70fec9bf309f48692c7fbbcc48afc3f6989e41d3fb99e9ed0e7f5130585a5607dc308fac32fa92e2c09edb143611c6835e7aad560dd06e9f147d

Malware Config

Extracted

Family: vidar
Version: 48.3
Botnet: 937
Attributes:
  profile_id: 937
Signatures

  • Vidar

    Description

    Vidar is an infostealer based on Arkei stealer.

  • Vidar Stealer

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query Registry, System Information Discovery

  • Deletes itself

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System, Credentials in Files

  • Accesses 2FA software files, possible credential harvesting

    TTPs

    Data from Local System, Credentials in Files

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs

    Query Registry

Tasks

static1