vidar | 7be59d6101c5fb704ebcfc4b66e6ede40c13b1829d30bf99a632ea1ad5c82621 | Triage

Submit
Reports

Overview

overview

Static

static

usfive_202...56.exe

windows7_x64

usfive_202...56.exe

windows10_x64

Sharing

General

Target

usfive_20210920-212056
Size

698KB
Sample

210926-ny2w4aegf2
MD5

8ac2459090b5d3d4a0f20361432fa5e4
SHA1

f5c8f624ad6dbf40326b51be6d1295c037438114
SHA256

7be59d6101c5fb704ebcfc4b66e6ede40c13b1829d30bf99a632ea1ad5c82621
SHA512

8484bec8a08774a3695f4baa012cfcbc3c8b4c1b622235716eaf5c71348ddf9e08ccd93199bb207243437508451fbb9ac61e8828aa5b91e8b1c076cadc63156a

Score

10^/10

vidar 1015 stealer

Static task

static1

Behavioral task

behavioral1

Sample

usfive_20210920-212056.exe

Resource

win7-en-20210920

vidar 1015 stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

usfive_20210920-212056.exe

Resource

win10v20210408

vidar 1015 stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

40.8

Botnet

1015

C2

https://pavlovoler.tumblr.com/

Attributes

profile_id
1015

Targets

- Target
  
  usfive_20210920-212056
- Size
  
  698KB
- MD5
  
  8ac2459090b5d3d4a0f20361432fa5e4
- SHA1
  
  f5c8f624ad6dbf40326b51be6d1295c037438114
- SHA256
  
  7be59d6101c5fb704ebcfc4b66e6ede40c13b1829d30bf99a632ea1ad5c82621
- SHA512
  
  8484bec8a08774a3695f4baa012cfcbc3c8b4c1b622235716eaf5c71348ddf9e08ccd93199bb207243437508451fbb9ac61e8828aa5b91e8b1c076cadc63156a
Score

10^/10

vidar 1015 stealer
- Suspicious use of NtCreateProcessExOtherParentProcess
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1015stealer

behavioral2

vidar1015stealer

© 2018-2024

Terms | Privacy