vidar | 6c5cc4dd03315eb744f8ab77cec40bdf6fc24351471b7bb88700b31fb1cd4288 | Triage

Submit
Reports

Overview

overview

Static

static

eufive_202...25.exe

windows7_x64

eufive_202...25.exe

windows10_x64

Sharing

General

Target

eufive_20210919-061425
Size

667KB
Sample

210926-nyaslsegd7
MD5

46302b8558c8536644e001148ef055c5
SHA1

ceb335a297300d9df123ece8287956ac2e4dc6f0
SHA256

6c5cc4dd03315eb744f8ab77cec40bdf6fc24351471b7bb88700b31fb1cd4288
SHA512

018c68bfa640eab464eb296b3a355c8ebc4e8b2bafd42e617b6c4d09bf80e0a28ce969e4dfa1cc8c931c7f66d91e215efb6a03ef85c93018404bb88cad4679c4

Score

10^/10

vidar 865 stealer

Static task

static1

Behavioral task

behavioral1

Sample

eufive_20210919-061425.exe

Resource

win7-en-20210920

vidar 865 stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

eufive_20210919-061425.exe

Resource

win10-en-20210920

vidar 865 stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

40.7

Botnet

865

C2

https://petrenko96.tumblr.com/

Attributes

profile_id
865

Targets

- Target
  
  eufive_20210919-061425
- Size
  
  667KB
- MD5
  
  46302b8558c8536644e001148ef055c5
- SHA1
  
  ceb335a297300d9df123ece8287956ac2e4dc6f0
- SHA256
  
  6c5cc4dd03315eb744f8ab77cec40bdf6fc24351471b7bb88700b31fb1cd4288
- SHA512
  
  018c68bfa640eab464eb296b3a355c8ebc4e8b2bafd42e617b6c4d09bf80e0a28ce969e4dfa1cc8c931c7f66d91e215efb6a03ef85c93018404bb88cad4679c4
Score

10^/10

vidar 865 stealer
- Suspicious use of NtCreateProcessExOtherParentProcess
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar865stealer

behavioral2

vidar865stealer

© 2018-2024

Terms | Privacy