vidar | df4cd9ab52e33c4216936ee0e9449353f1b06944a80667cef4855208d47220bd | Triage

Submit
Reports

Overview

overview

Static

static

b45cab378e...59.exe

windows7_x64

b45cab378e...59.exe

windows10_x64

Sharing

General

Target

b45cab378ecffab47a093c4fbab84f59.exe
Size

622KB
Sample

210507-c8ds3ldcg2
MD5

b45cab378ecffab47a093c4fbab84f59
SHA1

480cc0be2ba967c85e358cd027a4d34e0693b3ed
SHA256

df4cd9ab52e33c4216936ee0e9449353f1b06944a80667cef4855208d47220bd
SHA512

26a2846507de782ee26c303f1dcdb1db79a086b736a535208013df72d77db940d346ccefae9e1a0c8b894ea8a2ebe0803f3df9076618f16aff236b29289b2b34

Score

10^/10

vidar 890 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

b45cab378ecffab47a093c4fbab84f59.exe

Resource

win7v20210410

vidar 890 discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b45cab378ecffab47a093c4fbab84f59.exe

Resource

win10v20210410

vidar 890 discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

38.7

Botnet

890

C2

https://HAL9THapi.faceit.comramilgame

Attributes

profile_id
890

Targets

- Target
  
  b45cab378ecffab47a093c4fbab84f59.exe
- Size
  
  622KB
- MD5
  
  b45cab378ecffab47a093c4fbab84f59
- SHA1
  
  480cc0be2ba967c85e358cd027a4d34e0693b3ed
- SHA256
  
  df4cd9ab52e33c4216936ee0e9449353f1b06944a80667cef4855208d47220bd
- SHA512
  
  26a2846507de782ee26c303f1dcdb1db79a086b736a535208013df72d77db940d346ccefae9e1a0c8b894ea8a2ebe0803f3df9076618f16aff236b29289b2b34
Score

10^/10

vidar 890 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar890discoveryspywarestealer

behavioral2

vidar890discoveryspywarestealer

© 2018-2024

Terms | Privacy