vidar | 63ec08b6c428cd832e49b855a3b07f441c1f5017eacd0a77fe6caefb357f9f23 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

63ec08b6c428cd832e49b855a3b07f441c1f5017eacd0a77fe6caefb357f9f23
Size

711KB
Sample

210922-tm4t7sfgdl
MD5

b136307025010cb70238dcee637eba4d
SHA1

3fb5a158384bdc91c03c63b495826f02ef429794
SHA256

63ec08b6c428cd832e49b855a3b07f441c1f5017eacd0a77fe6caefb357f9f23
SHA512

7ef6ae18167455ab6b092c42258558abcd09d9db54ac68d9e9b9bd3450135ca1e167947ea9eab95b830bcf977b9fd17e5094990b98eeff549ab41cb78d1a3ce1

Score

10^/10

vidar 828 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

63ec08b6c428cd832e49b855a3b07f441c1f5017eacd0a77fe6caefb357f9f23.exe

Resource

win10-en-20210920

vidar 828 discovery spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

40.9

Botnet

828

C2

https://stacenko668.tumblr.com/

Attributes

profile_id
828

Targets

- Target
  
  63ec08b6c428cd832e49b855a3b07f441c1f5017eacd0a77fe6caefb357f9f23
- Size
  
  711KB
- MD5
  
  b136307025010cb70238dcee637eba4d
- SHA1
  
  3fb5a158384bdc91c03c63b495826f02ef429794
- SHA256
  
  63ec08b6c428cd832e49b855a3b07f441c1f5017eacd0a77fe6caefb357f9f23
- SHA512
  
  7ef6ae18167455ab6b092c42258558abcd09d9db54ac68d9e9b9bd3450135ca1e167947ea9eab95b830bcf977b9fd17e5094990b98eeff549ab41cb78d1a3ce1
Score

10^/10

vidar 828 discovery spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
  suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
  suricata
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
  suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
  suricata
- Vidar Stealer
  stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar828discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy