vidar | 3a204809754f292e076e1216f7c2e9817dd6069cbdbc34f6f846c1daa55e6ca4 | Triage

Submit
Reports

Overview

overview

Static

static

usfive_202...22.exe

windows7_x64

usfive_202...22.exe

windows10_x64

Sharing

General

Target

usfive_20210725-104522
Size

654KB
Sample

210725-r8gqqpz8as
MD5

9f5e2e5d9d36630be00cc4b33f9596bc
SHA1

7609f400392ac6fe6a82a953c65ea2193209c4d4
SHA256

3a204809754f292e076e1216f7c2e9817dd6069cbdbc34f6f846c1daa55e6ca4
SHA512

d0ab067e61744f31adc5e77ea001f7197379980d2eea7e2e361687b4141d86d7a9e9fdf9182d6fa123e064eedc883ab608cedfe5df4b00073a14bad298937d6e

Score

10^/10

vidar 818 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

usfive_20210725-104522.exe

Resource

win7v20210410

vidar 818 discovery spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

usfive_20210725-104522.exe

Resource

win10v20210408

vidar 818 discovery spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

39.7

Botnet

818

C2

https://shpak125.tumblr.com/

Attributes

profile_id
818

Targets

- Target
  
  usfive_20210725-104522
- Size
  
  654KB
- MD5
  
  9f5e2e5d9d36630be00cc4b33f9596bc
- SHA1
  
  7609f400392ac6fe6a82a953c65ea2193209c4d4
- SHA256
  
  3a204809754f292e076e1216f7c2e9817dd6069cbdbc34f6f846c1daa55e6ca4
- SHA512
  
  d0ab067e61744f31adc5e77ea001f7197379980d2eea7e2e361687b4141d86d7a9e9fdf9182d6fa123e064eedc883ab608cedfe5df4b00073a14bad298937d6e
Score

10^/10

vidar 818 discovery spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
  suricata
- Vidar Stealer
  stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar818discoveryspywarestealersuricata

behavioral2

vidar818discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy