General
-
Target
cd1ce709fabcd8312470553e6c9a78336631c0c2cdcb7489dfbd8f5bd3ce5130
-
Size
939KB
-
Sample
220725-dr3vpscfbq
-
MD5
c83d9e6e41902a70eb1b8f188cc8eb59
-
SHA1
a9827e9089a5011099d5755f5c9d6ef9afa2247e
-
SHA256
cd1ce709fabcd8312470553e6c9a78336631c0c2cdcb7489dfbd8f5bd3ce5130
-
SHA512
dd3d54830e0131f968d3a7e4e9e285aea46688d6b509be3b715c2a8ba728fb3805e52247d0b67b622f3cf2f3c3531eac9a5339bd7525761db85cb94db54fe6fd
Malware Config
Extracted
vidar
15.5
533
http://steerdemens.com/
-
profile_id
533
Targets
-
-
Target
cd1ce709fabcd8312470553e6c9a78336631c0c2cdcb7489dfbd8f5bd3ce5130
-
Size
939KB
-
MD5
c83d9e6e41902a70eb1b8f188cc8eb59
-
SHA1
a9827e9089a5011099d5755f5c9d6ef9afa2247e
-
SHA256
cd1ce709fabcd8312470553e6c9a78336631c0c2cdcb7489dfbd8f5bd3ce5130
-
SHA512
dd3d54830e0131f968d3a7e4e9e285aea46688d6b509be3b715c2a8ba728fb3805e52247d0b67b622f3cf2f3c3531eac9a5339bd7525761db85cb94db54fe6fd
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Vidar Stealer
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-