General
-
Target
eufive_20220312-005101
-
Size
628KB
-
Sample
220312-wwmy6aheb4
-
MD5
08279dc443b0888111af27b02393a137
-
SHA1
5c904d71cb4c5c046a12b105f3db6e311037a032
-
SHA256
369ac3f1ceaa5a83f544bc633abc8b0bbc89e5368ab17ec985009194205a5b50
-
SHA512
076fac58d72be0cfd967c21ceaeed23e5b94ae1425d1128e762d866c875c19f5384f068ac64de0d5331dbf3a667620f3b3a842f7ba5eef23ad1a0c5c9a1965bd
Malware Config
Extracted
vidar
50.7
865
https://ruhr.social/@sam9al
https://koyu.space/@samsa2l
-
profile_id
865
Targets
-
-
Target
eufive_20220312-005101
-
Size
628KB
-
MD5
08279dc443b0888111af27b02393a137
-
SHA1
5c904d71cb4c5c046a12b105f3db6e311037a032
-
SHA256
369ac3f1ceaa5a83f544bc633abc8b0bbc89e5368ab17ec985009194205a5b50
-
SHA512
076fac58d72be0cfd967c21ceaeed23e5b94ae1425d1128e762d866c875c19f5384f068ac64de0d5331dbf3a667620f3b3a842f7ba5eef23ad1a0c5c9a1965bd
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar Stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-