vidar | 81f0ea7ee9873de0118f7a630ea06da4072c8bd582ed4dc753a0124e1adb1584 | Triage

Submit
Reports

Overview

overview

Static

static

b145481b3a...47.exe

windows7_x64

b145481b3a...47.exe

windows10_x64

Sharing

General

Target

b145481b3a46c0e94f36eb367b4fb547.exe
Size

502KB
Sample

210728-gjdl98zt7n
MD5

b145481b3a46c0e94f36eb367b4fb547
SHA1

2206daf1a6e4ff8706df648888caa3bdbe5a8d6e
SHA256

81f0ea7ee9873de0118f7a630ea06da4072c8bd582ed4dc753a0124e1adb1584
SHA512

272a600c0586ef8525ad5c5c5698afbe35c65d7f9d2bb8222ba372077dc095e3159b5a973f190d67dc6e36bb56c76770f21ec36748ca18dab95c74273d0de1e3

Score

10^/10

vidar 921 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

b145481b3a46c0e94f36eb367b4fb547.exe

Resource

win7v20210410

vidar 921 discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b145481b3a46c0e94f36eb367b4fb547.exe

Resource

win10v20210408

vidar 921 discovery spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

39.7

Botnet

921

C2

https://shpak125.tumblr.com/

Attributes

profile_id
921

Targets

- Target
  
  b145481b3a46c0e94f36eb367b4fb547.exe
- Size
  
  502KB
- MD5
  
  b145481b3a46c0e94f36eb367b4fb547
- SHA1
  
  2206daf1a6e4ff8706df648888caa3bdbe5a8d6e
- SHA256
  
  81f0ea7ee9873de0118f7a630ea06da4072c8bd582ed4dc753a0124e1adb1584
- SHA512
  
  272a600c0586ef8525ad5c5c5698afbe35c65d7f9d2bb8222ba372077dc095e3159b5a973f190d67dc6e36bb56c76770f21ec36748ca18dab95c74273d0de1e3
Score

10^/10

vidar 921 discovery spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
  suricata
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
  suricata
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
  suricata
- Vidar Stealer
  stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar921discoveryspywarestealer

behavioral2

vidar921discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy