General

  • Target

    3fb54645fba660ad5c6824ccff364832

  • Size

    543KB

  • Sample

    240104-dd4vvahhg7

  • MD5

    3fb54645fba660ad5c6824ccff364832

  • SHA1

    107f0844fc867bda1b7f664421c92712bc2a9a5b

  • SHA256

    de05db338a5854f13a46e498a6ba4484b7bd47062ed3adae9a93bb8cc767d3d9

  • SHA512

    ae80fe134835548a3684a2f68248a2e55a9a1db096e0a014a8fd56173141b8a11b6f07ec982f4b096436250b9ff22edf8c9d7f6439a07ce3e8f9735a94abf339

  • SSDEEP

    12288:F1Gt75Q2a/P457JGNor4kLNpJDg8RFdn5nHhhTUUmviVn0woO:k75a/PIdGiLNvJRZhFhgiE

Malware Config

Extracted

  • Family

    vidar

  • Version

    39.9

  • Botnet

    706

  • C2

    https://prophefliloc.tumblr.com/

  • Attributes

    profile_id: 706


Targets

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15