32057fad31bfb5015fc818847d245cd144a3c8166ae377cc4143ee5795ac06e5

General
Target: 32057fad31bfb5015fc818847d245cd144a3c8166ae377cc4143ee5795ac06e5
Size: 655KB
Sample: 220215-rt7tbshber
Score: 10/10
MD5: 5214689cb18baecfe0267940ad845398
SHA1: 919514c68f7e009ddbb523fc17bbb2ba5604cac4
SHA256: 32057fad31bfb5015fc818847d245cd144a3c8166ae377cc4143ee5795ac06e5
SHA512: a2b18ac30bf332c5f473b48f6a570013dc9e8ec51ed212032253226d620a7b8018a05d018d8a0eea32e51ad5382b2b519d54da6bdebab8bae5f72664e8f500b9

Malware Config

Extracted
Family: vidar
Version: 48.1
Botnet: 937
C2: https://koyu.space/@rspich
Attributes
profile_id: 937
Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Vidar
    Description: Vidar is an infostealer based on Arkei stealer.

  • Vidar Stealer

Related Tasks

MITRE ATT&CK Matrix
Collection | Command and Control | Credential Access | Defense Evasion | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation

Tasks
  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10