General
-
Target
95e06ba40b488f32ad91310e2ced318422d3c6bd8e1afb87fbaeb5d2e9c49c50
-
Size
454KB
-
Sample
220520-fccq3sdccn
-
MD5
85dc3ceb559451d55fdd33eb45f4cf78
-
SHA1
7141181c7aea99ba06dde4d0a62305d82fd20d78
-
SHA256
95e06ba40b488f32ad91310e2ced318422d3c6bd8e1afb87fbaeb5d2e9c49c50
-
SHA512
6f87055d3ba99c12c0082a696553d8a78ebfc8f2ce45c6a9779fb14dace263c5ac32cc1fc5ce504d97c3d92a1079c2d506318c5be971c83876efdbb3868aaba6
Malware Config
Extracted
vidar
29.4
517
http://wileyhollers.com/
-
profile_id
517
Targets
-
-
Target
95e06ba40b488f32ad91310e2ced318422d3c6bd8e1afb87fbaeb5d2e9c49c50
-
Size
454KB
-
MD5
85dc3ceb559451d55fdd33eb45f4cf78
-
SHA1
7141181c7aea99ba06dde4d0a62305d82fd20d78
-
SHA256
95e06ba40b488f32ad91310e2ced318422d3c6bd8e1afb87fbaeb5d2e9c49c50
-
SHA512
6f87055d3ba99c12c0082a696553d8a78ebfc8f2ce45c6a9779fb14dace263c5ac32cc1fc5ce504d97c3d92a1079c2d506318c5be971c83876efdbb3868aaba6
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-