General

  • Target

    4d2aa90eec2827ae5d6e88ec4f9250468e670481e791c01393b44bf1b851e15e

  • Size

    402KB

  • Sample

    220415-j9a6asgba3

  • MD5

    dd7b5b86f468df24c5532e4b03b5d08e

  • SHA1

    86053502b43de4177c826925fc1b51fe7dfbaa80

  • SHA256

    4d2aa90eec2827ae5d6e88ec4f9250468e670481e791c01393b44bf1b851e15e

  • SHA512

    461ae681ac7672ea6392dfd8d18665f420371062f3918c8e3dd56c21535e7eda8ded7c3daa4a2e3a5f57e0eb79812994ed6a18aa27ac0718a96bc45ae7e6a6f5

Malware Config

Extracted

Family

vidar

Version

34.1

Botnet

237

C2

http://nextgentoolkit.com/

Attributes
  • profile_id

    237

Targets

    • Target

      4d2aa90eec2827ae5d6e88ec4f9250468e670481e791c01393b44bf1b851e15e

    • Size

      402KB

    • MD5

      dd7b5b86f468df24c5532e4b03b5d08e

    • SHA1

      86053502b43de4177c826925fc1b51fe7dfbaa80

    • SHA256

      4d2aa90eec2827ae5d6e88ec4f9250468e670481e791c01393b44bf1b851e15e

    • SHA512

      461ae681ac7672ea6392dfd8d18665f420371062f3918c8e3dd56c21535e7eda8ded7c3daa4a2e3a5f57e0eb79812994ed6a18aa27ac0718a96bc45ae7e6a6f5

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Collection

Data from Local System

3
T1005

Tasks