General

  • Target

    555.exe

  • Size

    1.2MB

  • Sample

    220322-2q5jxabdd9

  • MD5

    ed37ebbe1746dd0d566c8c4769655e0b

  • SHA1

    0a559ebf6ab1cdf292c79aac5ac20c236d975eb7

  • SHA256

    b4c9aadd18c1b6f613bf9d6db71dcc010bbdfe8b770b4084eeb7d5c77d95f180

  • SHA512

    aed30ae2e22ded5374f56062cdbcc2a72edea1d727e7fd0624e627f363d18787d5ce4334066b76b23d10e0a2c0169f06e5d6a8f05037d0943bfea110ee805060

Malware Config

Extracted

  • Family

    vidar

  • Version

    12.8

  • Botnet

    288

  • C2

    http://dersed.com/

  • Attributes

    profile_id: 288

Targets

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 1

  • Collection

    Data from Local System (T1005): 1