General

  • Target

    8472480879.zip

  • Size

    3MB

  • Sample

    221129-kmc7tafh9z

  • MD5

    6eab674b40bbd8dea7733c6ffd6fd475

  • SHA1

    81483af23b475f96fad365047eb9b0e10245ce77

  • SHA256

    807cd667638409b072cad009046de64c656ad544735ab95ea6db34b6f46b9da8

  • SHA512

    056bb6cf78319b26957af2bdf277a38bb7decd2fceb93e011caa6a5d953c6f5dadedb7a6c11229f9bdb40e6f249b88acc213b5fdce7d72186fcbb3b8f719a3c6

  • SSDEEP

    98304:LrCGnR3xgJC1RE226DAWesb/9E1Sbs01K6kzZiPUAlBhAzeM:LG0R3xgJC1REgU+9E4ISkNi1BhU7

Malware Config

Extracted

Family

vidar

Version

55.8

Botnet

1142

C2

https://t.me/headshotsonly

https://steamcommunity.com/profiles/76561199436777531

Attributes
profile_id
1142

Targets

    • Target

      591835d00134e24ab87d8dd53a1fced015c3cee18f49ac435f28dc2af024bf92

    • Size

      4MB

    • MD5

      37eb7e578bc1b48c2001eb7aa3eb1062

    • SHA1

      20e4b7bff24d30f72d90bc2fa41649a347e70ffd

    • SHA256

      591835d00134e24ab87d8dd53a1fced015c3cee18f49ac435f28dc2af024bf92

    • SHA512

      aa056dbe9195d1cef1e4a1f9937538896a5c2b12da9b9ead4ee97c26ef210a31d70dd2bd46cba9de6e50a70389b5fa4b55164af7e637595e30a7abea79f295b1

    • SSDEEP

      98304:TgQlcmsRh4de3XKadvP84mza0stsYFxmRg:TgQamsRhr3XKay4+vsFh

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Execution

      Exfiltration

        Impact

          Initial Access

            Lateral Movement

              Persistence

              Privilege Escalation

                Tasks