General

  • Target

    4ed7609cbb86ea0b7607b8a002e7f85b316903c3b6801240c9576aae8b3052ff

  • Size

    618KB

  • Sample

    220215-qr8geafch7

  • MD5

    353a21b3835ac7c17a82af79302d23cc

  • SHA1

    03e96fc686cc15a0bb26186ecb4fe63e6b841c4b

  • SHA256

    4ed7609cbb86ea0b7607b8a002e7f85b316903c3b6801240c9576aae8b3052ff

  • SHA512

    fccacf9a70f9151f081caa6c2d32c2cee3fb3e3c95ce10ee5c632f3007f54c5513b024fc10c9abc9eb9c7703e197360d569040ec3e47d182a123079cba0743dc

Score
10/10

Malware Config

Extracted

  • Family: vidar
  • Version: 41.7
  • Botnet: 937
  • C2: https://mas.to/@lenka51
  • Attributes: profile_id = 937

Targets

    • Target

      4ed7609cbb86ea0b7607b8a002e7f85b316903c3b6801240c9576aae8b3052ff

    • Size

      618KB

    • MD5

      353a21b3835ac7c17a82af79302d23cc

    • SHA1

      03e96fc686cc15a0bb26186ecb4fe63e6b841c4b

    • SHA256

      4ed7609cbb86ea0b7607b8a002e7f85b316903c3b6801240c9576aae8b3052ff

    • SHA512

      fccacf9a70f9151f081caa6c2d32c2cee3fb3e3c95ce10ee5c632f3007f54c5513b024fc10c9abc9eb9c7703e197360d569040ec3e47d182a123079cba0743dc

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation