General
-
Target
575dc6ea8ce28618a9cfce02ddbc8b0d62d6b6ace5b3db2413c387370569d626
-
Size
255KB
-
Sample
221025-11tpqaeafj
-
MD5
de040e79cc330c21e8b21a84c2c6202c
-
SHA1
1862014e021ec2ebc62834b021eb13dc99818703
-
SHA256
575dc6ea8ce28618a9cfce02ddbc8b0d62d6b6ace5b3db2413c387370569d626
-
SHA512
f9e513495f7770bb03b776cd114d2ea2153dca36ca2232c1fe6a890b0b23719b9efa40beb691418d05f9f5ee0a40b35be9ed625780816941eedac8a433348e7e
-
SSDEEP
3072:MZXVg568LKS/8aDYfFcjR27ht+Brz6OoIFsxRSvG/bppfbcMWT:y6NLtpDYfFlIz6Oo6sGvG/bpF3WT
Malware Config
Extracted
vidar
55.2
937
https://t.me/slivetalks
https://c.im/@xinibin420
-
profile_id
937
Targets
-
-
Target
575dc6ea8ce28618a9cfce02ddbc8b0d62d6b6ace5b3db2413c387370569d626
-
Size
255KB
-
MD5
de040e79cc330c21e8b21a84c2c6202c
-
SHA1
1862014e021ec2ebc62834b021eb13dc99818703
-
SHA256
575dc6ea8ce28618a9cfce02ddbc8b0d62d6b6ace5b3db2413c387370569d626
-
SHA512
f9e513495f7770bb03b776cd114d2ea2153dca36ca2232c1fe6a890b0b23719b9efa40beb691418d05f9f5ee0a40b35be9ed625780816941eedac8a433348e7e
-
SSDEEP
3072:MZXVg568LKS/8aDYfFcjR27ht+Brz6OoIFsxRSvG/bppfbcMWT:y6NLtpDYfFlIz6Oo6sGvG/bpF3WT
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-