General
Target: e34e031f90002ad25ca1b315e0a0e1ca_JaffaCakes118
Size: 2.0MB
Sample: 240915-zcc7ds1ejd
MD5: e34e031f90002ad25ca1b315e0a0e1ca
SHA1: ed594f951eed29c1354e6d9e65f82cc27b39b060
SHA256: 60c410c65d8b07444b092f5fb71b2b3f071a0cb92230fad7211551309611d899
SHA512: 4c08ffaa9301f963c54cb8aa17bce30d833121b056c06903606ca1fe0d9e3a112b20ae72dde5e623acdf3bde15e75830f43f86594eed46e3ddc411e2bee9149f
SSDEEP: 24576:w9Uoe69/dlRsxV7/igVTHl+mwmbz0Zl+p/+c6qacm5PO/k:mUoe61SxwgVj4mboZiU
Static task: static1
Behavioral task: behavioral1
  Sample: e34e031f90002ad25ca1b315e0a0e1ca_JaffaCakes118.msi
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: e34e031f90002ad25ca1b315e0a0e1ca_JaffaCakes118.msi
  Resource: win10v2004-20240802-en
Malware Config
Extracted
  Family: vidar
  Version: 26.1
  Botnet: 615
  C2: http://centos10.com/
  Attributes: profile_id = 615
Targets
Target: e34e031f90002ad25ca1b315e0a0e1ca_JaffaCakes118 (2.0MB; hashes as listed under General)
Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, a web browser credential store.
Vidar Stealer
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (2)
    Credentials In Files (2)