General

  • Target: 8ecc0426ea37a5c9e59d00b4fde1508175a950372ec3870965f1e527634b3419
  • Size: 245KB
  • Sample: 221019-zqjakagecj
  • MD5: d0a580824fcce7256f6c98032889bdf0
  • SHA1: 0db8393996712c54d5543eb9478288e8f25a7ba4
  • SHA256: b38291c5f45ed02c791219437b68c84c79a88d4866b77da5b4b678eb43f977af
  • SHA512: 93e51591deed7d221adbe29bbd2a40ba4195b86c7c6ae699818e1f1a2f6db7506c7c6a86bc3285fa44a60477d0604dd5a570fff29e9a0ed7ca93a4459edce595
  • SSDEEP: 6144:vfuNT54dWkOcSk5ZJymwiIHUSVXwnQHVVSi:vfu/4dp/53FIHUSuCVVx

Malware Config

Extracted

  • Family: vidar
  • Version: 55.1
  • Botnet: 517
  • C2:
    https://t.me/tg_privatetalk
    https://nerdculture.de/@yixehi33

Attributes

  • profile_id: 517

Targets

    • Target: 8ecc0426ea37a5c9e59d00b4fde1508175a950372ec3870965f1e527634b3419
    • Size: 325KB
    • MD5: e4e90e1dda4b51d199d449fa936db902
    • SHA1: 70de6b213f872ba782ba11cad5a5d1294ca9e741
    • SHA256: 8ecc0426ea37a5c9e59d00b4fde1508175a950372ec3870965f1e527634b3419
    • SHA512: 3958e1c40d69d5439b5e85bdb5765bb38ec5bba24f38a8aafb9a53c167ebaffb5c202441613af3f2d968c9c902de35036f67d87f7777efeb4c66869a7fc3c4ed
    • SSDEEP: 6144:neleO4eULHur41zAVbWuOcSk5ZVymwi0HUS5XwnQHEfAP+O9l:neleOzU7us1qCu/5PF0HUSyC2/W

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks