General

  • Target

    103effa9472a10a9eee4c94241e18367ccb3d3765b6ec04b635115a72e2524db

  • Size

    666KB

  • Sample

    220604-p85leacefm

  • MD5

    ccd6d337a7866b695c16a2d680acface

  • SHA1

    38a65e8d865104b8390b9827b3374ca094156f34

  • SHA256

    103effa9472a10a9eee4c94241e18367ccb3d3765b6ec04b635115a72e2524db

  • SHA512

    4b1f153fb88cb8fd0163f23e8cc4a21650999950f743ed81d6da80a18b308c8969f7b29e6984a7ab55f8047f5a5c69658477457425ab351063ac956b523caecd

Malware Config

Extracted

Family

vidar

Version

50.2

Botnet

937

C2

https://c.im/@killern3ax

https://qoto.org/@kill4rnix

Attributes
  • profile_id

    937

Targets

    • Target

      103effa9472a10a9eee4c94241e18367ccb3d3765b6ec04b635115a72e2524db

    • Size

      666KB

    • MD5

      ccd6d337a7866b695c16a2d680acface

    • SHA1

      38a65e8d865104b8390b9827b3374ca094156f34

    • SHA256

      103effa9472a10a9eee4c94241e18367ccb3d3765b6ec04b635115a72e2524db

    • SHA512

      4b1f153fb88cb8fd0163f23e8cc4a21650999950f743ed81d6da80a18b308c8969f7b29e6984a7ab55f8047f5a5c69658477457425ab351063ac956b523caecd

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Collection

Data from Local System

2
T1005

Tasks