vidar | f1965eab648649f5bcb6d7cc954eec13ae87320654253a19fe55199d7da9fbdb | Triage

Submit
Reports

Overview

overview

Static

static

eufive_202...22.exe

windows7_x64

eufive_202...22.exe

windows10_x64

Sharing

General

Target

eufive_20210904-225322
Size

662KB
Sample

210906-kkh1aaeaap
MD5

792e07f07b6ad87f9c078fdf48bd487b
SHA1

e514610dc1f1509e096767e5e0130d79c57081ca
SHA256

f1965eab648649f5bcb6d7cc954eec13ae87320654253a19fe55199d7da9fbdb
SHA512

194fd61239d41af1c774337d1596664a3c019e01980ae740ad473ac2722e6931ee185fa29a4dc968af82d1356ccf4c65bd14baaa5d3c1792db8f255dbeb87102

Score

10^/10

vidar 865 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

eufive_20210904-225322.exe

Resource

win7v20210408

vidar 865 discovery spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

eufive_20210904-225322.exe

Resource

win10-en

vidar 865 discovery spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

40.4

Botnet

865

C2

https://romkaxarit.tumblr.com/

Attributes

profile_id
865

Targets

- Target
  
  eufive_20210904-225322
- Size
  
  662KB
- MD5
  
  792e07f07b6ad87f9c078fdf48bd487b
- SHA1
  
  e514610dc1f1509e096767e5e0130d79c57081ca
- SHA256
  
  f1965eab648649f5bcb6d7cc954eec13ae87320654253a19fe55199d7da9fbdb
- SHA512
  
  194fd61239d41af1c774337d1596664a3c019e01980ae740ad473ac2722e6931ee185fa29a4dc968af82d1356ccf4c65bd14baaa5d3c1792db8f255dbeb87102
Score

10^/10

vidar 865 discovery spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
  suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
  suricata
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
  suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
  suricata
- Vidar Stealer
  stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar865discoveryspywarestealersuricata

behavioral2

vidar865discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy