Overview

overview

10

Static

static

f24bd8c229...93.exe

windows7_x64

10

f24bd8c229...93.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f24bd8c22941fdf06881f9e4ee40b44db08dcc8323b81aad6cd2e2aadb5ffb93

  • Size

    1.6MB

  • Sample

    210402-ky3nh1tr2a

  • MD5

    21ccef2f0c663e5867ee090333b8206e

  • SHA1

    e37e51fb105119a52af3d015fd96eda7a480232b

  • SHA256

    f24bd8c22941fdf06881f9e4ee40b44db08dcc8323b81aad6cd2e2aadb5ffb93

  • SHA512

    fc079ed52b9c48fb137b92c84b61e8d4f5d34acd17b4c2326cc821cb977ff70fc50caeff984660f345faf360500fdb290065ceacfbcd51622b6538b0051b86d1

Score
10/10
vidarspywarestealer

Malware Config

Targets

    • Target

      f24bd8c22941fdf06881f9e4ee40b44db08dcc8323b81aad6cd2e2aadb5ffb93

    • Size

      1.6MB

    • MD5

      21ccef2f0c663e5867ee090333b8206e

    • SHA1

      e37e51fb105119a52af3d015fd96eda7a480232b

    • SHA256

      f24bd8c22941fdf06881f9e4ee40b44db08dcc8323b81aad6cd2e2aadb5ffb93

    • SHA512

      fc079ed52b9c48fb137b92c84b61e8d4f5d34acd17b4c2326cc821cb977ff70fc50caeff984660f345faf360500fdb290065ceacfbcd51622b6538b0051b86d1

    Score
    10/10
    vidarspywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks