472772ed28161f82f180d925a6dd510914b18c8c1782cceb1ebe9781c73dec3a

General

Target: 472772ed28161f82f180d925a6dd510914b18c8c1782cceb1ebe9781c73dec3a
Size: 728KB
Sample: 220215-q39hvagghj
Score: 10/10
MD5: a3208303a518632d07e6e6a240d37f25
SHA1: 16af523e50ebd8bbc9930488d1769241ef6bcd83
SHA256: 472772ed28161f82f180d925a6dd510914b18c8c1782cceb1ebe9781c73dec3a
SHA512: 6ecfc344cf638969230d5d0c75c7f9ed96ab31250f17889ac2e2910b81da509f161c68850cc99546b6dfe6372836affa60322aff09cb77772c517c72507000be

Malware Config

Extracted

Family: vidar
Version: 47.9
Botnet: 937
C2: https://mas.to/@kirpich
Attributes: profile_id = 937

Note on the C2 value: the URL is a public Mastodon profile, not the command-and-control server itself. Vidar uses social-media profiles as dead-drop resolvers: the address of the real C2 server is read from the profile's text at run time rather than being hard-coded in the binary, so the operator can rotate servers by editing the profile. The profile_id attribute carries the same value as the Botnet field (937).
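The following is an added example, not code from the sandbox report or from the malware, showing how an analyst can turn the profile URL in the extracted config into the indicator that actually matters: the real C2 host. It maps the profile URL to the instance's public account-lookup endpoint (GET /api/v1/accounts/lookup?acct=<handle>, which Mastodon instances expose), parses the bio out of a constructed lookup response, and extracts an address from it. The bio content, the IP address and the convention that the address is wrapped in `|` delimiters are assumptions made for this example; confirm the delimiter format against the sample's own strings before relying on it. No network request is made; the sample response is embedded inline.

```python
"""Resolve a Vidar-style social-media dead drop to the real C2 address.

Added example for the report above; not the sandbox's or the malware's code.
"""
import json
import re
from html import unescape
from typing import Optional
from urllib.parse import urlparse

# Shape of the address the stealer reads from the profile text: a URL or
# bare host:port wrapped in pipe characters.  ASSUMPTION for this example.
DEAD_DROP_RE = re.compile(
    r"\|(?P<c2>(?:https?://)?(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?/?)\|"
)


def profile_lookup_url(profile_url: str) -> str:
    """Map a profile URL such as https://mas.to/@kirpich to the instance's
    public account-lookup API endpoint, which returns the bio as JSON."""
    u = urlparse(profile_url)
    handle = u.path.strip("/")
    if not handle.startswith("@") or len(handle) < 2:
        raise ValueError(f"not a Mastodon profile URL: {profile_url}")
    return f"{u.scheme}://{u.netloc}/api/v1/accounts/lookup?acct={handle[1:]}"


def extract_c2(text: str) -> Optional[str]:
    """Return the first dead-drop address found in profile text, or None.
    The bio arrives as HTML, so entities are decoded before matching."""
    m = DEAD_DROP_RE.search(unexcape_safe(text))
    return m.group("c2") if m else None


def unexcape_safe(text: str) -> str:
    """Decode HTML entities; tolerate non-string input from loose JSON."""
    return unescape(text) if isinstance(text, str) else ""


def c2_from_lookup_json(body: str) -> Optional[str]:
    """Parse an account-lookup response and pull the C2 from the bio ('note'),
    falling back to the profile metadata fields."""
    acct = json.loads(body)
    candidates = [acct.get("note", "")] + [
        f.get("value", "") for f in acct.get("fields", [])
    ]
    for candidate in candidates:
        c2 = extract_c2(candidate)
        if c2:
            return c2
    return None


def iocs(profile_url: str, c2: str) -> dict:
    """Indicators worth recording.  The resolver lives on a shared public
    instance, so blocking it is noisy; the extracted host is the real C2."""
    host = urlparse(c2 if "://" in c2 else "http://" + c2).hostname
    return {"dead_drop_resolver": profile_url, "c2_host": host}


# Constructed sample of an account-lookup response for the resolver in the
# report.  The bio text and the address in it are invented for this example.
SAMPLE_LOOKUP_JSON = json.dumps({
    "username": "kirpich",
    "acct": "kirpich",
    "note": "<p>just a profile|http://198.51.100.23:80/|bye</p>",
    "fields": [],
})

if __name__ == "__main__":
    resolver = "https://mas.to/@kirpich"
    print("lookup:", profile_lookup_url(resolver))
    c2 = c2_from_lookup_json(SAMPLE_LOOKUP_JSON)
    print("c2:", c2, iocs(resolver, c2))
```

Usage note: in a live investigation the lookup URL would be fetched from an isolated host (the instance logs the request), the response body passed to c2_from_lookup_json, and the c2_host value, not mas.to, added to the blocklist. Because the operator can edit the bio at any time, the resolver URL is the durable indicator and should be re-checked periodically.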
Targets

Target: 472772ed28161f82f180d925a6dd510914b18c8c1782cceb1ebe9781c73dec3a (the submitted file itself; its hashes, size of 728KB and score of 10/10 are as listed under General)

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess: a process was created with a parent other than the calling process, the pattern used for parent PID spoofing to make the new process appear to descend from a legitimate parent.
  • Vidar: Vidar is an infostealer based on the Arkei stealer.
  • Vidar Stealer

Related Tasks: none listed.

MITRE ATT&CK Matrix: no techniques are mapped on the page; only the empty tactic columns are shown (Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation).

Tasks

  static1
  behavioral1: 10/10
  behavioral2: 10/10