General

  • Target

    0bc97a36dc6135fc7a69c90c1c303439.exe

  • Size

    585KB

  • Sample

    210928-g4b5asahcl

  • MD5

    0bc97a36dc6135fc7a69c90c1c303439

  • SHA1

    a3508e80c4e9bd20c04114c599be634107a49952

  • SHA256

    7859d00a4fe195ff6eee7795be34ee9a351a0445acf0639cd999e9a3767dd1df

  • SHA512

    67a8a4f9d33789460f677fd30e450673b564c6bcf09fdddac0a1932a0c42237c296d6d1f10f01bf4d6a1cb6641846a342d1798badc575bdfff2ac8ab37dfb0a3

Malware Config

Targets

    • Target

      0bc97a36dc6135fc7a69c90c1c303439.exe

    • Size

      585KB

    • MD5

      0bc97a36dc6135fc7a69c90c1c303439

    • SHA1

      a3508e80c4e9bd20c04114c599be634107a49952

    • SHA256

      7859d00a4fe195ff6eee7795be34ee9a351a0445acf0639cd999e9a3767dd1df

    • SHA512

      67a8a4f9d33789460f677fd30e450673b564c6bcf09fdddac0a1932a0c42237c296d6d1f10f01bf4d6a1cb6641846a342d1798badc575bdfff2ac8ab37dfb0a3

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

      suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

    • suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

      suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

    • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

      suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

    • Vidar Stealer

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

3
T1005

Tasks