vidar | 6db165fffa378d373fe7f16c1f59ba1b7aa2ac635ce6dcdb374d846ab87d945e | Triage

Submit
Reports

Overview

overview

Static

static

eufive_202...54.exe

windows7_x64

eufive_202...54.exe

windows10_x64

Sharing

General

Target

eufive_20210920-004754
Size

672KB
Sample

210926-nykmtaege6
MD5

759483ef7848aad8bcf568d41a71cca5
SHA1

3dfe06e3bf32c1ea623586069169ecc1d14b1ea3
SHA256

6db165fffa378d373fe7f16c1f59ba1b7aa2ac635ce6dcdb374d846ab87d945e
SHA512

a85cb26413263eab22c044274e631c482dcbf69e8340889213e6d6c557f644e3396dc12d302845e0c98c8550af9d3ce8da209d8cd6c6183b17065a47bf5de00b

Score

10^/10

vidar 865 stealer

Static task

static1

Behavioral task

behavioral1

Sample

eufive_20210920-004754.exe

Resource

win7v20210408

vidar 865 stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

eufive_20210920-004754.exe

Resource

win10-en-20210920

vidar 865 stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

40.7

Botnet

865

C2

https://petrenko96.tumblr.com/

Attributes

profile_id
865

Targets

- Target
  
  eufive_20210920-004754
- Size
  
  672KB
- MD5
  
  759483ef7848aad8bcf568d41a71cca5
- SHA1
  
  3dfe06e3bf32c1ea623586069169ecc1d14b1ea3
- SHA256
  
  6db165fffa378d373fe7f16c1f59ba1b7aa2ac635ce6dcdb374d846ab87d945e
- SHA512
  
  a85cb26413263eab22c044274e631c482dcbf69e8340889213e6d6c557f644e3396dc12d302845e0c98c8550af9d3ce8da209d8cd6c6183b17065a47bf5de00b
Score

10^/10

vidar 865 stealer
- Suspicious use of NtCreateProcessExOtherParentProcess
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar865stealer

behavioral2

vidar865stealer

© 2018-2024

Terms | Privacy