General
-
Target
9bffc89d3a81e37dc5c67b205d0bc096472c4ca5d4a3000c4613a351a0a955aa
-
Size
283KB
-
Sample
220621-yey17sdhe5
-
MD5
9b8a83a758264cfb77822a81ae885fc6
-
SHA1
bea0abf560f3644dea13681af942b1b65dac3f54
-
SHA256
9bffc89d3a81e37dc5c67b205d0bc096472c4ca5d4a3000c4613a351a0a955aa
-
SHA512
158c82a4641d30fea3e62f3104d7c6f34d5fde490acd419156f5284bfb9abd58545e2ff5b2d7aaa6979f9ff6f48f72fc731fd81ff8ad6f141ef8da9fce5f479f
Malware Config
Extracted
vidar
52.6
1415
https://t.me/tg_dailylessons
https://busshi.moe/@olegf9844xx
-
profile_id
1415
Targets
-
-
Target
9bffc89d3a81e37dc5c67b205d0bc096472c4ca5d4a3000c4613a351a0a955aa
-
Size
283KB
-
MD5
9b8a83a758264cfb77822a81ae885fc6
-
SHA1
bea0abf560f3644dea13681af942b1b65dac3f54
-
SHA256
9bffc89d3a81e37dc5c67b205d0bc096472c4ca5d4a3000c4613a351a0a955aa
-
SHA512
158c82a4641d30fea3e62f3104d7c6f34d5fde490acd419156f5284bfb9abd58545e2ff5b2d7aaa6979f9ff6f48f72fc731fd81ff8ad6f141ef8da9fce5f479f
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
-
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
-
Vidar Stealer
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-