General
-
Target
bd7eec533b670d12046211475971ef6d32b54c37290f41ba33a4cc6b09a925a4
-
Size
679KB
-
Sample
220215-hcj69sdcbk
-
MD5
f4a9c73c92501f4ada0ad74830610e11
-
SHA1
f5755ba5404a3fc467f850ff2dd01e6d9fd228fd
-
SHA256
bd7eec533b670d12046211475971ef6d32b54c37290f41ba33a4cc6b09a925a4
-
SHA512
7eb7d62d729b2d2dbacd89d6f2a3d94f053ee0336a413fef76effd3a6b445e9f0877c931bfda11ac3624a0bb8ce09268fac4fb637b7d0ea128342a3d9ac80d7c
Static task
static1
Behavioral task
behavioral1
Sample
bd7eec533b670d12046211475971ef6d32b54c37290f41ba33a4cc6b09a925a4.exe
Resource
win7-en-20211208
Malware Config
Extracted
| Family |
vidar |
| Version |
48.4 |
| Botnet |
937 |
| C2 |
https://koyu.space/@qmashton |
| Attributes |
profile_id 937 |
Targets
-
-
Target
bd7eec533b670d12046211475971ef6d32b54c37290f41ba33a4cc6b09a925a4
-
Size
679KB
-
MD5
f4a9c73c92501f4ada0ad74830610e11
-
SHA1
f5755ba5404a3fc467f850ff2dd01e6d9fd228fd
-
SHA256
bd7eec533b670d12046211475971ef6d32b54c37290f41ba33a4cc6b09a925a4
-
SHA512
7eb7d62d729b2d2dbacd89d6f2a3d94f053ee0336a413fef76effd3a6b445e9f0877c931bfda11ac3624a0bb8ce09268fac4fb637b7d0ea128342a3d9ac80d7c
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Vidar Stealer
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation