General

  • Target

    bd7eec533b670d12046211475971ef6d32b54c37290f41ba33a4cc6b09a925a4

  • Size

    679KB

  • Sample

    220215-hcj69sdcbk

  • MD5

    f4a9c73c92501f4ada0ad74830610e11

  • SHA1

    f5755ba5404a3fc467f850ff2dd01e6d9fd228fd

  • SHA256

    bd7eec533b670d12046211475971ef6d32b54c37290f41ba33a4cc6b09a925a4

  • SHA512

    7eb7d62d729b2d2dbacd89d6f2a3d94f053ee0336a413fef76effd3a6b445e9f0877c931bfda11ac3624a0bb8ce09268fac4fb637b7d0ea128342a3d9ac80d7c

Score
10/10

Malware Config

Extracted

Family

vidar

Version

48.4

Botnet

937

C2

https://koyu.space/@qmashton

(This is a dead-drop resolver rather than the C2 endpoint itself: Vidar builds of this generation fetch a public Mastodon profile, here on koyu.space, and parse the operational C2 address out of the profile bio. Blocking or alerting on the profile URL catches the lookup; the address it resolves to can change without the sample changing.)

Attributes

profile_id

937
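
The following is an added example, not code from the Triage report or from Vidar: it shows how the dead-drop indirection in the extracted config turns into something a defender can use. It assumes (as public reporting on Vidar v47/v48-era builds describes, but the report itself does not state) that the real C2 sits between two `|` characters in the profile bio; the profile HTML, the C2 address 198.51.100.23 and the proxy log lines are all constructed for the example.

```python
# Added example, not code from the Triage report or from Vidar itself.
# Assumptions (labelled): Vidar v47/v48-era builds read the operator's public
# Mastodon profile and take the real C2 from between two '|' characters in the
# bio; the profile HTML, the C2 address and the proxy log lines are constructed.
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Values copied from the extracted config above.
CONFIG = {
    "family": "vidar",
    "version": "48.4",
    "botnet": "937",
    "dead_drop": "https://koyu.space/@qmashton",
}

# Constructed stand-in for the fetched profile page (a real analysis would
# retrieve it over HTTPS; nothing here performs network I/O).
PROFILE_HTML = """<html><body>
<div class="account__header__content">
  <p>ok |http://198.51.100.23/| see you</p>
</div>
</body></html>"""

# Constructed proxy log lines: "<timestamp> <src_ip> <method> <url> <status>".
PROXY_LOG = [
    "2022-02-15T10:01:02Z 10.0.0.5 GET https://koyu.space/@qmashton 200",
    "2022-02-15T10:01:03Z 10.0.0.5 POST http://198.51.100.23/937 200",
    "2022-02-15T10:05:00Z 10.0.0.7 GET https://koyu.space/about 200",
    "2022-02-15T10:06:00Z 10.0.0.9 GET https://example.com/ 200",
    "malformed line",
]

# A URL wrapped in pipes; the URL itself may not contain '|' or whitespace.
C2_PATTERN = re.compile(r"\|(https?://[^|\s]+)\|")


def resolve_c2(profile_html: str) -> Optional[str]:
    """Return the pipe-delimited C2 URL found in the profile page, or None."""
    match = C2_PATTERN.search(profile_html)
    return match.group(1) if match else None


def hunt_proxy_logs(lines: List[str], dead_drop: str, c2: Optional[str]):
    """Split proxy log lines into dead-drop lookups and C2 contacts.

    Returns (dead_drop_hits, c2_hits), each a list of (timestamp, src_ip).
    The dead drop is matched on host *and* path, because koyu.space is a
    public Mastodon instance and other profiles on it are unrelated; the C2
    is matched on host alone, since its path varies per request.
    """
    dd = urlparse(dead_drop)
    c2_host = urlparse(c2).netloc if c2 else None
    dead_drop_hits: List[Tuple[str, str]] = []
    c2_hits: List[Tuple[str, str]] = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not fit the assumed format
        ts, src, _method, url, _status = parts
        u = urlparse(url)
        if u.netloc == dd.netloc and u.path == dd.path:
            dead_drop_hits.append((ts, src))
        elif c2_host and u.netloc == c2_host:
            c2_hits.append((ts, src))
    return dead_drop_hits, c2_hits


def infected_hosts(dead_drop_hits, c2_hits) -> set:
    """Sources that both looked up the dead drop and then talked to the C2."""
    return {src for _, src in dead_drop_hits} & {src for _, src in c2_hits}


if __name__ == "__main__":
    c2 = resolve_c2(PROFILE_HTML)
    dd_hits, c2_hits = hunt_proxy_logs(PROXY_LOG, CONFIG["dead_drop"], c2)
    print("resolved C2:", c2)
    print("dead-drop lookups:", dd_hits)
    print("C2 contacts:", c2_hits)
    print("hosts with both:", infected_hosts(dd_hits, c2_hits))
```

The dead-drop lookup is the more durable indicator of the two: the profile URL is baked into the sample, while the address in the bio can be rotated by the operator at any time, which is why `hunt_proxy_logs` still returns the lookups when no C2 has been resolved yet.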

Targets

    • Target

      bd7eec533b670d12046211475971ef6d32b54c37290f41ba33a4cc6b09a925a4

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess (a process was created with a parent other than the calling process, i.e. parent PID spoofing)

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

MITRE ATT&CK Matrix

Tactic columns shown: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. No techniques are listed under any of them.