BLOG CERT SOGETI ESEC

Briefing Malware - 28/09/2021

28th of September 2021 - Winners of the 39th week: Redline, NjRAT and Formbook.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date: 28/09/2021

Distribution: TLP:WHITE

What's new?

Vidar(NC)

New Vidar Stealer Evasion Arsenal

A new anti-analysis technique has been spotted by #Minerva analysts while investigating #Vidar Stealer. These #anti-debugging techniques are used to prevent detection by security products that perform their analysis inside an #emulator environment such as a sandbox, which usually runs with some specific configuration. The analyzed sample of #Vidar contains 3 distinct methods to prevent detection, such as the IsDebuggerPresent #API call as well as checks for the username and hostname used by #Microsoft Defender inside its emulator (#JohnDoe and #HAL9TH). Vidar, a Malware-as-a-Service (#MaaS), is deployed to steal sensitive information such as #banking credentials, #saved passwords, #browser history or #crypto wallets.


https://blog.minerva-labs.com/vidar-stealer-evasion-arsenal


Download the report