General
-
Target
d853365720fcc3a7fdb96235734fd69d09180f640f74d9f8c1961598bcc1f68a
-
Size
570KB
-
Sample
220502-cas4hahdf3
-
MD5
6d7ee9b77de7229f7e6a8fd4c97bc589
-
SHA1
68981740e0e5a5b60c6d771c4dc624141cd51b19
-
SHA256
d853365720fcc3a7fdb96235734fd69d09180f640f74d9f8c1961598bcc1f68a
-
SHA512
07b6a214bb986aa5846051012dc8cdb615cadbd651b5203a227f81966679c8b0c7d4e309da63c6162ead8be26aa98e3940499220e3ad1c9a3e741af83135d482
Malware Config
Extracted
vidar
32.8
706
http://flowerfarm.co.ug/
-
profile_id
706
Targets
-
-
Target
d853365720fcc3a7fdb96235734fd69d09180f640f74d9f8c1961598bcc1f68a
-
Size
570KB
-
MD5
6d7ee9b77de7229f7e6a8fd4c97bc589
-
SHA1
68981740e0e5a5b60c6d771c4dc624141cd51b19
-
SHA256
d853365720fcc3a7fdb96235734fd69d09180f640f74d9f8c1961598bcc1f68a
-
SHA512
07b6a214bb986aa5846051012dc8cdb615cadbd651b5203a227f81966679c8b0c7d4e309da63c6162ead8be26aa98e3940499220e3ad1c9a3e741af83135d482
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-