General
Target: b6bd9bba1a2413d8e3ed5b3743d81961.exe
Size: 3.1MB
Sample: 250302-pazmhatyas
MD5: b6bd9bba1a2413d8e3ed5b3743d81961
SHA1: d109bcc2f82c65aa6ab7b7a46a2b6e35721021c8
SHA256: 1cea85b0fdaa55fa1b59610e986a3ff895e838264d1f9624d3518153f8eec4a4
SHA512: de9fa003a14622de5e11e4b3d5fe4e03359d6eeb92e94f8d47e8d51e60cb29bfa4dda8336d82cb1c4b5398bee6760862ee2fce83c0a4ed9ce4467528108c01fd
SSDEEP: 49152:/KI4dn/japkSAUHxLZKAHyc4pR0H1pluJhMCyTiFyL14X6t/M:/H4t/UZKASc4pwplAJyNZM
Static task: static1
Behavioral task: behavioral1
  Sample: b6bd9bba1a2413d8e3ed5b3743d81961.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: b6bd9bba1a2413d8e3ed5b3743d81961.exe
  Resource: win10v2004-20250217-en
Malware Config
Targets
Target: b6bd9bba1a2413d8e3ed5b3743d81961.exe
Score: 10/10
- Detect Vidar Stealer
- Vidar family
- Uses browser remote debugging
  Can be used to control the browser and steal sensitive information such as credentials and session cookies.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores: 1
  Credentials from Web Browsers: 1
  Modify Authentication Process: 1
  Steal Web Session Cookie: 1
  Unsecured Credentials: 4
  Credentials In Files: 4