vidar | cfd12524dabd262969fceec775a0a69b6c1d8de0ecc77f8e2eb1e86ef6a78032 | Triage

Submit
Reports

Overview

overview

Static

static

eufive_202...55.exe

windows7_x64

eufive_202...55.exe

windows10_x64

Sharing

General

Target

eufive_20210918-073455
Size

667KB
Sample

210926-nxvrdsefgl
MD5

aaa19ad4c1b545622a767b0fdb77e7bf
SHA1

e8c333ff4e27db9a116aca9097eb2b5d9a30e366
SHA256

cfd12524dabd262969fceec775a0a69b6c1d8de0ecc77f8e2eb1e86ef6a78032
SHA512

f499e9f803b7271e1c2882f846d5aafa02588891663bb5b83b57487bf453a0ad6b914d15686d3bf7cff3ce6df51e20e593801923f292d37cbd621702d1abd070

Score

10^/10

vidar 865 stealer

Static task

static1

Behavioral task

behavioral1

Sample

eufive_20210918-073455.exe

Resource

win7v20210408

vidar 865 stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

eufive_20210918-073455.exe

Resource

win10-en-20210920

vidar 865 stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

40.7

Botnet

865

C2

https://petrenko96.tumblr.com/

Attributes

profile_id
865

Targets

- Target
  
  eufive_20210918-073455
- Size
  
  667KB
- MD5
  
  aaa19ad4c1b545622a767b0fdb77e7bf
- SHA1
  
  e8c333ff4e27db9a116aca9097eb2b5d9a30e366
- SHA256
  
  cfd12524dabd262969fceec775a0a69b6c1d8de0ecc77f8e2eb1e86ef6a78032
- SHA512
  
  f499e9f803b7271e1c2882f846d5aafa02588891663bb5b83b57487bf453a0ad6b914d15686d3bf7cff3ce6df51e20e593801923f292d37cbd621702d1abd070
Score

10^/10

vidar 865 stealer
- Suspicious use of NtCreateProcessExOtherParentProcess
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar865stealer

behavioral2

vidar865stealer

© 2018-2024

Terms | Privacy