General
-
Target
6ac3329dda9f6d503198339c6f3f582c427f4ee7de409d5b5c2f5a87ee1f08d8
-
Size
531KB
-
Sample
220521-m6dzkadbb3
-
MD5
910747fd832b5974deb69a7403817984
-
SHA1
17a06d18d852064ac58e5ad3e755d33ad8c94a05
-
SHA256
6ac3329dda9f6d503198339c6f3f582c427f4ee7de409d5b5c2f5a87ee1f08d8
-
SHA512
974e6149b1a11056e0536d4588ac361fc7e8243524c0374e0f7159f992fd76157057c9050b50f078390b891cb0a480d1ab6d9c1df6060e9d28f4d454aabe98d1
Malware Config
Extracted
vidar
30.6
517
http://swiloodex.com/
-
profile_id
517
Targets
-
-
Target
6ac3329dda9f6d503198339c6f3f582c427f4ee7de409d5b5c2f5a87ee1f08d8
-
Size
531KB
-
MD5
910747fd832b5974deb69a7403817984
-
SHA1
17a06d18d852064ac58e5ad3e755d33ad8c94a05
-
SHA256
6ac3329dda9f6d503198339c6f3f582c427f4ee7de409d5b5c2f5a87ee1f08d8
-
SHA512
974e6149b1a11056e0536d4588ac361fc7e8243524c0374e0f7159f992fd76157057c9050b50f078390b891cb0a480d1ab6d9c1df6060e9d28f4d454aabe98d1
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-