General
- Target: c7527552e464aaa5542ae881af3f226267d6821a842686d90727c092c7dd8053.bin
- Size: 428KB
- Sample: 230125-nbtbfahd81
- MD5: 51c7bf8f21a041942f3f307d5667ec1b
- SHA1: 8bb72efd6a0ce17720e75e7c8e39698deaf0c4b8
- SHA256: c7527552e464aaa5542ae881af3f226267d6821a842686d90727c092c7dd8053
- SHA512: 91ac2036b8a89ff901d6fd1de301b7709a0af82ce40a09599df60141e7114b6275e40be6126bfe14f8dc8d1fac6fa2e6d6b514619dac7552b3c57e31d6e12ec8
- SSDEEP: 6144:piEsLX1A5bOi8qvU7xZa8V50taXV6x6pvYk0E32P61hJFIJfVAVrwU+:0972brjv6c8VbfpvYJE32P6PHgtyQ
- Static task: static1
- Behavioral task: behavioral1
- Sample: c7527552e464aaa5542ae881af3f226267d6821a842686d90727c092c7dd8053.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- vidar
- 1.6
- 24
- https://t.me/ibommat
- https://steamcommunity.com/profiles/76561199446766594
- profile_id: 24
Targets
- Target: c7527552e464aaa5542ae881af3f226267d6821a842686d90727c092c7dd8053.bin
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Matrix
- Collection
- Command and Control
- Credential Access
- Defense Evasion
- Execution
- Exfiltration
- Impact
- Initial Access
- Lateral Movement
- Persistence
- Privilege Escalation