317e6d0c61edc2d145f8f29a19e1ecee049f6f3cff8decd0f5d8171ab99f9813

General

Target    317e6d0c61edc2d145f8f29a19e1ecee049f6f3cff8decd0f5d8171ab99f9813
Size      640KB
Sample    220215-rvjswsfhd6
Score     10/10
MD5       81843d9c10e65eeead6650766ba18d08
SHA1      618f493341aea26dc4d7c46dae854d5c1d56bcbf
SHA256    317e6d0c61edc2d145f8f29a19e1ecee049f6f3cff8decd0f5d8171ab99f9813
SHA512    89a75dcb396ab86a4bb495ed14176b2f0a7b31949fbba02e8cdcb04967595269048dd95683391e16cd431c235ff90d5a62e616ac997cb9f983a7f358dc3dab63

Malware Config

Extracted

Family      vidar
Version     41.6
Botnet      937
C2          https://mas.to/@lilocc

Attributes

profile_id  937
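The C2 value the sandbox recovered is not a command server but a Mastodon profile URL (https://mas.to/@lilocc), which this family uses as a dead-drop resolver: the stealer fetches the public profile and reads the real C2 address out of the bio text. The script below is an added example, not code from the sandbox or from the malware; the convention it parses (the C2 URL enclosed between pipe characters in the profile bio) is taken from public Vidar analyses and is an assumption here, as is the constructed profile HTML and the documentation-range address inside it. It runs offline and never contacts mas.to.

```python
import html
import re
from typing import List
from urllib.parse import urlparse

# Dead-drop resolver URL as extracted by the sandbox from this sample's config.
DEAD_DROP_URL = "https://mas.to/@lilocc"

# Constructed Mastodon profile fragment (NOT fetched from mas.to). The pipe
# delimiters around the C2 follow the convention reported in public Vidar
# write-ups; the address 192.0.2.10 is a documentation-range placeholder.
SAMPLE_PROFILE_HTML = """
<div class="account__header__bio">
  <div class="account__header__content">
    <p>just vibes &#124;https://192.0.2.10:80/&#124; see you</p>
  </div>
</div>
"""

# A pipe-delimited token with no whitespace or angle brackets inside.
PIPE_TOKEN = re.compile(r"\|([^|\s<>]{4,200})\|")


def _looks_like_c2(value: str) -> bool:
    """Accept the token only if it parses to a URL with a host that is
    either dotted (domain or IPv4). Bare words such as '|abc|' are rejected."""
    candidate = value if "://" in value else "http://" + value
    host = urlparse(candidate).hostname
    return bool(host) and "." in host


def extract_dead_drop_c2(profile_html: str) -> List[str]:
    """Return the C2 candidates hidden in a Mastodon profile page.

    Steps: decode HTML entities (Mastodon renders '|' as &#124;), find every
    pipe-delimited token, keep the ones that look like a URL, and return them
    in page order without duplicates.
    """
    text = html.unescape(profile_html)
    seen: List[str] = []
    for match in PIPE_TOKEN.finditer(text):
        token = match.group(1).strip()
        if _looks_like_c2(token) and token not in seen:
            seen.append(token)
    return seen


if __name__ == "__main__":
    # With live data you would GET DEAD_DROP_URL and pass the body here;
    # the constructed sample yields ['https://192.0.2.10:80/'].
    print("resolver:", DEAD_DROP_URL)
    print("real C2 :", extract_dead_drop_c2(SAMPLE_PROFILE_HTML))
```

The useful output for a responder is the inner address, not the mas.to URL: blocking mas.to alone breaks nothing for the operator, who can simply edit the bio, while the resolved C2 is the host to search for in proxy and DNS logs.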
Targets

Target    317e6d0c61edc2d145f8f29a19e1ecee049f6f3cff8decd0f5d8171ab99f9813
Filesize  640KB
Score     10/10
MD5       81843d9c10e65eeead6650766ba18d08
SHA1      618f493341aea26dc4d7c46dae854d5c1d56bcbf
SHA256    317e6d0c61edc2d145f8f29a19e1ecee049f6f3cff8decd0f5d8171ab99f9813
SHA512    89a75dcb396ab86a4bb495ed14176b2f0a7b31949fbba02e8cdcb04967595269048dd95683391e16cd431c235ff90d5a62e616ac997cb9f983a7f358dc3dab63

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess

    Description

    A process was created through NtCreateProcessEx with a parent handle that refers to a different process, i.e. parent PID spoofing, so the child's recorded parent does not reflect the process that actually spawned it.

  • Vidar

    Description

    Vidar is an infostealer based on Arkei stealer.

  • Vidar Stealer

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1   10/10
behavioral2   10/10