2295510f041dc01c4a3c8644db06e1191c1b341d95c8104c44a62fac4544e44b

General

Target: 2295510f041dc01c4a3c8644db06e1191c1b341d95c8104c44a62fac4544e44b
Size: 756KB
Sample: 220215-sc399agbf5
Score: 10/10
MD5: c047905ec2dbb9f688e5d14832679184
SHA1: c6574566b3ea0325f82eac22885320233fb40dce
SHA256: 2295510f041dc01c4a3c8644db06e1191c1b341d95c8104c44a62fac4544e44b
SHA512: 61f799e963a1cd1fce9f9997aff0644dde375bf5442aebacd03036301044c049436b35c4794e0d2e7fa742cf73a54efbfd26cbc66eb15ce0eecce97bd01338be

Malware Config

Extracted

Family: vidar
Version: 48.5
Botnet: 937
C2: https://koyu.space/@tttaj

Attributes

profile_id: 937
Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Vidar

    Description: Vidar is an infostealer based on Arkei stealer.

  • Vidar Stealer

Tasks

  • static1

  • behavioral1: 10/10

  • behavioral2: 10/10