General

  • Target

    42226b9f119843f7ff26e7d50895564d59fe8bf8db1830047c86298d8bc22d74

  • Size

    323KB

  • Sample

    241219-rhmc9avkcq

  • MD5

    34f45d20fef7dd9c8e8d7f5b9d5fa6a7

  • SHA1

    4270a1cf22a0183d772bf143bec8a81b8b4ac51e

  • SHA256

    42226b9f119843f7ff26e7d50895564d59fe8bf8db1830047c86298d8bc22d74

  • SHA512

    11a4e65e08a6f948336971e612f859429c4c58c6443ba85fc3b7a5165040bde57555c596a8c0322cd71b8e1fa3758dd7f6a247de5197b32212d9a90c37fe2410

  • SSDEEP

    6144:bspY93m4ezZF197TvhhFUJi7AuRQ1zkIFZQRhtinsoCiiEI+:bWym4ezxLhKAkuRQtkIjQRGns2iEz

Malware Config

Targets

    • Target

      42226b9f119843f7ff26e7d50895564d59fe8bf8db1830047c86298d8bc22d74

    • Size

      323KB

    • MD5

      34f45d20fef7dd9c8e8d7f5b9d5fa6a7

    • SHA1

      4270a1cf22a0183d772bf143bec8a81b8b4ac51e

    • SHA256

      42226b9f119843f7ff26e7d50895564d59fe8bf8db1830047c86298d8bc22d74

    • SHA512

      11a4e65e08a6f948336971e612f859429c4c58c6443ba85fc3b7a5165040bde57555c596a8c0322cd71b8e1fa3758dd7f6a247de5197b32212d9a90c37fe2410

    • SSDEEP

      6144:bspY93m4ezZF197TvhhFUJi7AuRQ1zkIFZQRhtinsoCiiEI+:bWym4ezxLhKAkuRQtkIjQRGns2iEz

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks