Overview

overview

10

Static

static

53660ddc9a...6c.exe

windows7_x64

10

53660ddc9a...6c.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    53660ddc9a468660788a2b064b62a56c

  • Size

    506KB

  • Sample

    210722-sj5t1mx2ke

  • MD5

    53660ddc9a468660788a2b064b62a56c

  • SHA1

    25b7fb1e8325e331bd359a11d2b063f0b1408cd2

  • SHA256

    c272907c7c9d138993e44dd4e837cd6ac26ce14378acc962a3c4acda14726d42

  • SHA512

    c8bd67c27f4279d00f1e7d0d4cf87b3fe90d85696eab0068ce4208a4e20f4496b287a6099b1dc64a28875fd6e0ddb473aeb936b0e12192ab8f31be3a8777465a

Score
10/10
vidar921discoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

39.7

Botnet

921

C2

https://shpak125.tumblr.com/

Attributes
  • profile_id

    921

Targets

    • Target

      53660ddc9a468660788a2b064b62a56c

    • Size

      506KB

    • MD5

      53660ddc9a468660788a2b064b62a56c

    • SHA1

      25b7fb1e8325e331bd359a11d2b063f0b1408cd2

    • SHA256

      c272907c7c9d138993e44dd4e837cd6ac26ce14378acc962a3c4acda14726d42

    • SHA512

      c8bd67c27f4279d00f1e7d0d4cf87b3fe90d85696eab0068ce4208a4e20f4496b287a6099b1dc64a28875fd6e0ddb473aeb936b0e12192ab8f31be3a8777465a

    Score
    10/10
    vidar921discoveryspywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks