vidar | 050cd5573a279f7d12ca09dc4f45b01878eaee99174beb04e4126fcfc16d5286 | Triage

Submit
Reports

Overview

overview

Static

static

050cd5573a...86.exe

windows7_x64

050cd5573a...86.exe

windows10_x64

Sharing

General

Target

050cd5573a279f7d12ca09dc4f45b01878eaee99174beb04e4126fcfc16d5286
Size

583KB
Sample

201112-lfka684kxn
MD5

07c44b0a50366075bd4bc7589f42d715
SHA1

69ace85bfd5e9fbd94089a231b2764aed663092e
SHA256

050cd5573a279f7d12ca09dc4f45b01878eaee99174beb04e4126fcfc16d5286
SHA512

92edb09bc1b861af2baded74c4837e34aaf1f105264d77dc597e07ea4782ac6cf114a600103688218938ba2f9775a5cf0973aa1054b3a51e6292671397c333fb

Score

10^/10

vidar discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

050cd5573a279f7d12ca09dc4f45b01878eaee99174beb04e4126fcfc16d5286.exe

Resource

win7v20201028

vidar discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

050cd5573a279f7d12ca09dc4f45b01878eaee99174beb04e4126fcfc16d5286.exe

Resource

win10v20201028

vidar discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  050cd5573a279f7d12ca09dc4f45b01878eaee99174beb04e4126fcfc16d5286
- Size
  
  583KB
- MD5
  
  07c44b0a50366075bd4bc7589f42d715
- SHA1
  
  69ace85bfd5e9fbd94089a231b2764aed663092e
- SHA256
  
  050cd5573a279f7d12ca09dc4f45b01878eaee99174beb04e4126fcfc16d5286
- SHA512
  
  92edb09bc1b861af2baded74c4837e34aaf1f105264d77dc597e07ea4782ac6cf114a600103688218938ba2f9775a5cf0973aa1054b3a51e6292671397c333fb
Score

10^/10

vidar discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidardiscoveryspywarestealer

behavioral2

vidardiscoveryspywarestealer

© 2018-2024

Terms | Privacy