bd7eec533b670d12046211475971ef6d32b54c37290f41ba33a4cc6b09a925a4

General
Target

bd7eec533b670d12046211475971ef6d32b54c37290f41ba33a4cc6b09a925a4

Size

679KB

Sample

220215-hcj69sdcbk

Score
10/10
MD5

f4a9c73c92501f4ada0ad74830610e11

SHA1

f5755ba5404a3fc467f850ff2dd01e6d9fd228fd

SHA256

bd7eec533b670d12046211475971ef6d32b54c37290f41ba33a4cc6b09a925a4

SHA512

7eb7d62d729b2d2dbacd89d6f2a3d94f053ee0336a413fef76effd3a6b445e9f0877c931bfda11ac3624a0bb8ce09268fac4fb637b7d0ea128342a3d9ac80d7c

Malware Config

Extracted

Family vidar
Version 48.4
Botnet 937
C2

https://koyu.space/@qmashton

Attributes
profile_id 937
Targets
Target

bd7eec533b670d12046211475971ef6d32b54c37290f41ba33a4cc6b09a925a4

MD5

f4a9c73c92501f4ada0ad74830610e11

Filesize

679KB

Score
10/10
SHA1

f5755ba5404a3fc467f850ff2dd01e6d9fd228fd

SHA256

bd7eec533b670d12046211475971ef6d32b54c37290f41ba33a4cc6b09a925a4

SHA512

7eb7d62d729b2d2dbacd89d6f2a3d94f053ee0336a413fef76effd3a6b445e9f0877c931bfda11ac3624a0bb8ce09268fac4fb637b7d0ea128342a3d9ac80d7c

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Vidar

    Description

    Vidar is an infostealer based on Arkei stealer.

  • Vidar Stealer

MITRE ATT&CK Matrix

Tactic columns (no techniques mapped in this report): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1
10/10

behavioral2
10/10