General
-
Target
Loader.exe
-
Size
445KB
-
Sample
230216-skqn5ahg4v
-
MD5
9e30553b003e6c9099ce52ea18d0a6f9
-
SHA1
b4de671b594ad90439a43cf4de49606ee6798298
-
SHA256
eddd58f52fc1ead5886f788892412d23a0fa5fc4c76af2548ea7321c2f6c4d9c
-
SHA512
5788097d8a613e78644e8a94123b06d93c708216fe92c2865017933bd3b4ec507107c68ec31c7d58c595032b570f8c4e8f56db9d51927a3764fb699d89ff70c3
-
SSDEEP
6144:EAYL50f+dgN8BMStlQfAk/X0DfU/8utzIPrdWspxFoZDf820w7/vFip6y/OMB:EAM9e82fZPMfq3tzWdvoZL9/fMB
Malware Config
Extracted
vidar
2.5
408
-
profile_id
408
Targets
-
-
Target
Loader.exe
-
Size
445KB
-
MD5
9e30553b003e6c9099ce52ea18d0a6f9
-
SHA1
b4de671b594ad90439a43cf4de49606ee6798298
-
SHA256
eddd58f52fc1ead5886f788892412d23a0fa5fc4c76af2548ea7321c2f6c4d9c
-
SHA512
5788097d8a613e78644e8a94123b06d93c708216fe92c2865017933bd3b4ec507107c68ec31c7d58c595032b570f8c4e8f56db9d51927a3764fb699d89ff70c3
-
SSDEEP
6144:EAYL50f+dgN8BMStlQfAk/X0DfU/8utzIPrdWspxFoZDf820w7/vFip6y/OMB:EAM9e82fZPMfq3tzWdvoZL9/fMB
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Loads dropped DLL
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-