4ed7609cbb86ea0b7607b8a002e7f85b316903c3b6801240c9576aae8b3052ff

General

Target: 4ed7609cbb86ea0b7607b8a002e7f85b316903c3b6801240c9576aae8b3052ff
Size: 618KB
Sample: 220215-qr8geafch7
Score: 10/10
MD5: 353a21b3835ac7c17a82af79302d23cc
SHA1: 03e96fc686cc15a0bb26186ecb4fe63e6b841c4b
SHA256: 4ed7609cbb86ea0b7607b8a002e7f85b316903c3b6801240c9576aae8b3052ff
SHA512: fccacf9a70f9151f081caa6c2d32c2cee3fb3e3c95ce10ee5c632f3007f54c5513b024fc10c9abc9eb9c7703e197360d569040ec3e47d182a123079cba0743dc

Malware Config

Extracted

Family: vidar
Version: 41.7
Botnet: 937
C2: https://mas.to/@lenka51

Attributes

profile_id: 937
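The following is an added example, not part of the sandbox report and not code from Vidar or the sandbox vendor. It turns the hashes and the extracted C2 above into three checks a responder can run offline: matching a pasted digest against the report's hashes, sweeping proxy log lines for clients that fetched the dead-drop profile (matching the exact profile path, since mas.to is a public Mastodon instance and host-level matching would flag legitimate users), and pulling candidate C2 URLs out of a Mastodon profile bio. The log format, the log lines and the profile text are constructed for the example, and the delimiter-agnostic URL extraction is an assumption, because the bio format varies between Vidar builds.

```python
"""IOC checks for the Vidar sample in this report (added example, not report code)."""
import hashlib
import re
from html import unescape
from urllib.parse import urlparse

# Values copied from the report above.
REPORT = {
    "family": "vidar",
    "version": "41.7",
    "botnet": "937",
    "md5": "353a21b3835ac7c17a82af79302d23cc",
    "sha1": "03e96fc686cc15a0bb26186ecb4fe63e6b841c4b",
    "sha256": "4ed7609cbb86ea0b7607b8a002e7f85b316903c3b6801240c9576aae8b3052ff",
    "sha512": "fccacf9a70f9151f081caa6c2d32c2cee3fb3e3c95ce10ee5c632f3007f54c5513b024fc10c9abc9eb9c7703e197360d569040ec3e47d182a123079cba0743dc",
    "c2_profile": "https://mas.to/@lenka51",
}
_HASHES = {REPORT[k]: k for k in ("md5", "sha1", "sha256", "sha512")}


def match_hash(digest: str):
    """Return the algorithm name if `digest` is one of the report's hashes, else None."""
    return _HASHES.get(digest.strip().lower())  # case-insensitive for pasted values


def hash_file_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, for comparing a file on disk."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in _HASHES.values()}


def profile_key(url: str):
    """Normalise a URL to (host, path): scheme and trailing slash are ignored."""
    p = urlparse(url.strip())
    if not p.netloc:
        return None  # unparsable or relative input
    return (p.netloc.lower(), p.path.rstrip("/"))


C2_KEY = profile_key(REPORT["c2_profile"])  # ("mas.to", "/@lenka51")


def scan_proxy_log(lines):
    """Return (client, url) pairs that fetched the dead-drop profile.

    Assumed log format (constructed for this example, not a real product's):
    '<timestamp> <client_ip> <method> <url> <status>'.  Only the exact profile
    path is matched, so other mas.to traffic is left alone.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines instead of aborting the sweep
        client, url = parts[1], parts[3]
        if profile_key(url) == C2_KEY:
            hits.append((client, url))
    return hits


_URL_RE = re.compile(r"https?://[^\s<>\"'|]+")
_TAG_RE = re.compile(r"<[^>]+>")


def extract_dead_drop_c2(profile_note_html: str):
    """Pull candidate C2 URLs out of a Mastodon profile bio.

    Vidar reads its real C2 from the profile text; the delimiters around the
    address differ between builds, so this (an assumption, not the documented
    41.7 format) strips HTML and returns every URL it finds.
    """
    text = unescape(_TAG_RE.sub(" ", profile_note_html))
    return _URL_RE.findall(text)


# Constructed inputs for demonstration (TEST-NET address, not a real C2).
SAMPLE_PROXY_LOG = [
    "2022-02-15T10:31:02Z 10.0.0.12 GET https://mas.to/@lenka51 200",
    "2022-02-15T10:31:05Z 10.0.0.12 GET http://203.0.113.10/ 200",
    "2022-02-15T10:32:00Z 10.0.0.40 GET https://mas.to/@someone_else 200",
    "2022-02-15T10:33:11Z 10.0.0.77 GET https://mas.to/@lenka51/ 200",
    "garbled line",
]
SAMPLE_PROFILE_NOTE = "<p>hello|http://203.0.113.10/|</p>"  # constructed, not the live profile

if __name__ == "__main__":
    print(match_hash(REPORT["md5"].upper()))
    print(scan_proxy_log(SAMPLE_PROXY_LOG))
    print(extract_dead_drop_c2(SAMPLE_PROFILE_NOTE))
```

Feed `scan_proxy_log` your own proxy export after adapting the field positions in its docstring, and run `extract_dead_drop_c2` on the `note` field returned for the profile (the address it yields is the server to block; the profile URL is the indicator that stays stable across operator changes).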
Targets

Target: 4ed7609cbb86ea0b7607b8a002e7f85b316903c3b6801240c9576aae8b3052ff (same file as under General: MD5 353a21b3835ac7c17a82af79302d23cc, 618KB, score 10/10)

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Vidar

    Description

    Vidar is an infostealer based on Arkei stealer. The C2 extracted from this sample, https://mas.to/@lenka51, is a Mastodon profile URL rather than the collection server: Vidar uses such social-media profiles as dead-drop resolvers, fetching the profile and reading the real C2 address from its text. The operator can change that address without touching the sample, so the profile URL is the stable indicator and the server it resolves to has to be recovered at analysis time.

  • Vidar Stealer

MITRE ATT&CK Matrix

Tactic columns shown for this sample: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no technique entries recorded under any column).

Tasks

  • static1

  • behavioral1 (10/10)

  • behavioral2 (10/10)