General
-
Target
6198158ab3aa4dd99bcc1fe230ff7539.exe
-
Size
465KB
-
Sample
240106-mk2thaeahk
-
MD5
6198158ab3aa4dd99bcc1fe230ff7539
-
SHA1
af80ebc9ed1102f91a9601d35a92a342331b9be1
-
SHA256
df5e1feaf7fe114c30d33a01af6d9e70f89a33d6384158a58d026a7c13908915
-
SHA512
da6f52245dbeb31cbf56e461b59cada5ecef1aef4feee8f27a131118cef05092700be806338666c7285e0805fe8a855871143b73739cb0378be8d99a5b5e6ff7
-
SSDEEP
12288:QggkmrTGAkZsQ8Rg6I/F4l0EbO0/lAFeFMy2:QggkGTGbZBCg6I/F808OWlu7f
Malware Config
Extracted
vidar
28.7
237
http://freroxhottov.com/
-
profile_id
237
Targets
-
-
Target
6198158ab3aa4dd99bcc1fe230ff7539.exe
-
Size
465KB
-
MD5
6198158ab3aa4dd99bcc1fe230ff7539
-
SHA1
af80ebc9ed1102f91a9601d35a92a342331b9be1
-
SHA256
df5e1feaf7fe114c30d33a01af6d9e70f89a33d6384158a58d026a7c13908915
-
SHA512
da6f52245dbeb31cbf56e461b59cada5ecef1aef4feee8f27a131118cef05092700be806338666c7285e0805fe8a855871143b73739cb0378be8d99a5b5e6ff7
-
SSDEEP
12288:QggkmrTGAkZsQ8Rg6I/F4l0EbO0/lAFeFMy2:QggkGTGbZBCg6I/F808OWlu7f
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar Stealer
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-