General
-
Target
e3be4420fc72c65d8ebe91239355ecbd
-
Size
1.0MB
-
Sample
220216-sklp6sbha3
-
MD5
e3be4420fc72c65d8ebe91239355ecbd
-
SHA1
830289c9135b3a0e526390e27e3a00a37723c8df
-
SHA256
6de9b52d4498f6a5061d71b2851fbe5e5ba2cb1998891d807cb92dc0c210b8a3
-
SHA512
cec50e1b4907acd819ec17e41f085f2f9d139783a81448f676a9ba75462f1f1895ebca3501774f25199d0464c777e84f2b1e161e81eeffc56b2432ad04ef0af5
Malware Config
Extracted
vidar
50.1
754
https://mastodon.online/@k1llerniax
https://koyu.space/@k1llerni2x
-
profile_id
754
Targets
-
-
Target
e3be4420fc72c65d8ebe91239355ecbd
-
Size
1.0MB
-
MD5
e3be4420fc72c65d8ebe91239355ecbd
-
SHA1
830289c9135b3a0e526390e27e3a00a37723c8df
-
SHA256
6de9b52d4498f6a5061d71b2851fbe5e5ba2cb1998891d807cb92dc0c210b8a3
-
SHA512
cec50e1b4907acd819ec17e41f085f2f9d139783a81448f676a9ba75462f1f1895ebca3501774f25199d0464c777e84f2b1e161e81eeffc56b2432ad04ef0af5
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar Stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-