General
-
Target
9ca8917f05e4aba70e38234b3f9e19ae10e368b7830f2d3147249be9f645823c
-
Size
458KB
-
Sample
220327-zdfnxacfh6
-
MD5
447a0125f5ab6e3299b4ec775eaff7d1
-
SHA1
82b318a76b365031095324562444a409336cd507
-
SHA256
9ca8917f05e4aba70e38234b3f9e19ae10e368b7830f2d3147249be9f645823c
-
SHA512
c2420fe1d29ed83c3c494a2a1a560141cc69642331e08d675faa8af466973d93703d3c137a972393afb80cef9edf5ef4034e5479fa9a06dd2ce825ce8176b955
Malware Config
Extracted
vidar
34.2
399
http://poolventsystems.com/
-
profile_id
399
Targets
-
-
Target
9ca8917f05e4aba70e38234b3f9e19ae10e368b7830f2d3147249be9f645823c
-
Size
458KB
-
MD5
447a0125f5ab6e3299b4ec775eaff7d1
-
SHA1
82b318a76b365031095324562444a409336cd507
-
SHA256
9ca8917f05e4aba70e38234b3f9e19ae10e368b7830f2d3147249be9f645823c
-
SHA512
c2420fe1d29ed83c3c494a2a1a560141cc69642331e08d675faa8af466973d93703d3c137a972393afb80cef9edf5ef4034e5479fa9a06dd2ce825ce8176b955
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar Stealer
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-