General
-
Target
e64d10fd59550cbf84c03100bffd18cb54b12e92f88e9857d3854c4840e874e9
-
Size
536KB
-
Sample
220708-wta7ksdffp
-
MD5
f2a197d1fb54e9ba87f8700356803512
-
SHA1
ab62e8f84e421aba4c878d476b3f30af804dae2b
-
SHA256
e64d10fd59550cbf84c03100bffd18cb54b12e92f88e9857d3854c4840e874e9
-
SHA512
ce85de313d37d0afe0782e1c27986fca7e2f1cedd303fe321a49c1c76acad4ff7a91a33390142c1e71a9dfd46d544373584faae3f6ba18bc02e6ce6e528580a8
Malware Config
Extracted
vidar
36
754
http://littlestepfor.com/
-
profile_id
754
Targets
-
-
Target
e64d10fd59550cbf84c03100bffd18cb54b12e92f88e9857d3854c4840e874e9
-
Size
536KB
-
MD5
f2a197d1fb54e9ba87f8700356803512
-
SHA1
ab62e8f84e421aba4c878d476b3f30af804dae2b
-
SHA256
e64d10fd59550cbf84c03100bffd18cb54b12e92f88e9857d3854c4840e874e9
-
SHA512
ce85de313d37d0afe0782e1c27986fca7e2f1cedd303fe321a49c1c76acad4ff7a91a33390142c1e71a9dfd46d544373584faae3f6ba18bc02e6ce6e528580a8
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-