General

  • Target

    f16953dfb98fb54bde6e9410883839e228ee09aa0a09892ab56a5ddfc76e7a0e

  • Size

    332KB

  • Sample

    221024-rdgbfahbdn

  • MD5

    e75ec445beb33e400201791a3fba433d

  • SHA1

    a2c29449d05c2a26077e45dfcb45e37ef7c638a8

  • SHA256

    f16953dfb98fb54bde6e9410883839e228ee09aa0a09892ab56a5ddfc76e7a0e

  • SHA512

    4efdb748bcaef9aa1ca5bc934d5797f692a7bbd974fc675318124a4bfce62e074fd32a3033a10057a5af5cc1b9d2c7d87de316c31bce0f5b7d61983f1f967134

  • SSDEEP

    6144:0vOVeLGesIxkyUJ/++5zPFj3D5HtFMLbv3:0vOw7sWi1+uzPFrD+f/

Malware Config

Extracted

Family

vidar

Version

55.2

Botnet

937

C2

https://t.me/slivetalks

https://c.im/@xinibin420

Attributes

  • profile_id

    937

Targets

    • Target

      f16953dfb98fb54bde6e9410883839e228ee09aa0a09892ab56a5ddfc76e7a0e

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                       ID      Count
  Credential Access   Credentials in Files            T1081   3
  Discovery           Query Registry                  T1012   3
  Discovery           System Information Discovery    T1082   3
  Collection          Data from Local System          T1005   3
