General

  • Target

    2295510f041dc01c4a3c8644db06e1191c1b341d95c8104c44a62fac4544e44b

  • Size

    756KB

  • Sample

    220215-sc399agbf5

  • MD5

    c047905ec2dbb9f688e5d14832679184

  • SHA1

    c6574566b3ea0325f82eac22885320233fb40dce

  • SHA256

    2295510f041dc01c4a3c8644db06e1191c1b341d95c8104c44a62fac4544e44b

  • SHA512

    61f799e963a1cd1fce9f9997aff0644dde375bf5442aebacd03036301044c049436b35c4794e0d2e7fa742cf73a54efbfd26cbc66eb15ce0eecce97bd01338be

Score
10/10

Malware Config

Extracted

  • Family

    vidar

  • Version

    48.5

  • Botnet

    937

  • C2

    https://koyu.space/@tttaj

  • Attributes

    profile_id: 937

Targets

    • Target

      2295510f041dc01c4a3c8644db06e1191c1b341d95c8104c44a62fac4544e44b

    • Size

      756KB

    • MD5

      c047905ec2dbb9f688e5d14832679184

    • SHA1

      c6574566b3ea0325f82eac22885320233fb40dce

    • SHA256

      2295510f041dc01c4a3c8644db06e1191c1b341d95c8104c44a62fac4544e44b

    • SHA512

      61f799e963a1cd1fce9f9997aff0644dde375bf5442aebacd03036301044c049436b35c4794e0d2e7fa742cf73a54efbfd26cbc66eb15ce0eecce97bd01338be

    Score
    10/10

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks