General

  • Target

    32057fad31bfb5015fc818847d245cd144a3c8166ae377cc4143ee5795ac06e5

  • Size

    655KB

  • Sample

    220215-rt7tbshber

  • MD5

    5214689cb18baecfe0267940ad845398

  • SHA1

    919514c68f7e009ddbb523fc17bbb2ba5604cac4

  • SHA256

    32057fad31bfb5015fc818847d245cd144a3c8166ae377cc4143ee5795ac06e5

  • SHA512

    a2b18ac30bf332c5f473b48f6a570013dc9e8ec51ed212032253226d620a7b8018a05d018d8a0eea32e51ad5382b2b519d54da6bdebab8bae5f72664e8f500b9

Score
10/10

Malware Config

Extracted

  • Family

    vidar

  • Version

    48.1

  • Botnet

    937

  • C2

    https://koyu.space/@rspich

  • Attributes

    profile_id: 937

Targets

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks