General
-
Target
f7ddfa369aae506819474be3d5ce34ae_JaffaCakes118
-
Size
465KB
-
Sample
240418-m7anjabb72
-
MD5
f7ddfa369aae506819474be3d5ce34ae
-
SHA1
a73379132803037deae1654d9522be7f67b203df
-
SHA256
3d60aad7b65f6f03bbde17975de9e4f1585ab1c9b3f6cd7b257ba7c6de79046a
-
SHA512
79c2371c6594c41cd36703ff9f4d5d35316f3b786ba49b38530044fc7e24a5deaa9a24490f5fe10c04291dab4537e3cbec176af30cea6b0ca6f734c6252cb2ae
-
SSDEEP
12288:GfUa5OoVwV6OnvupamFKrRbomMsYAZ+ABWpLX:GfvHVYrviFKrWsYAZ+yKX
Malware Config
Extracted
vidar
26.2
237
http://bristleconepin.com/
-
profile_id
237
Targets
-
-
Target
f7ddfa369aae506819474be3d5ce34ae_JaffaCakes118
-
Size
465KB
-
MD5
f7ddfa369aae506819474be3d5ce34ae
-
SHA1
a73379132803037deae1654d9522be7f67b203df
-
SHA256
3d60aad7b65f6f03bbde17975de9e4f1585ab1c9b3f6cd7b257ba7c6de79046a
-
SHA512
79c2371c6594c41cd36703ff9f4d5d35316f3b786ba49b38530044fc7e24a5deaa9a24490f5fe10c04291dab4537e3cbec176af30cea6b0ca6f734c6252cb2ae
-
SSDEEP
12288:GfUa5OoVwV6OnvupamFKrRbomMsYAZ+ABWpLX:GfvHVYrviFKrWsYAZ+yKX
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar Stealer
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-