vidar | 7aa72f371bf6a807e7e6c1cd6dfa9131ddc714ce30f6c1ebd36e07f80d2a5707 | Triage

Submit
Reports

Overview

overview

Static

static

eufive_202...42.exe

windows7_x64

eufive_202...42.exe

windows10_x64

Sharing

General

Target

eufive_20210920-185942
Size

698KB
Sample

210926-nyxx5segak
MD5

5e81b47aff27985e4207f97490ae513e
SHA1

8a215ffa7260c483ab2d7050880bbb66f150a599
SHA256

7aa72f371bf6a807e7e6c1cd6dfa9131ddc714ce30f6c1ebd36e07f80d2a5707
SHA512

3787d2bfa087c5e3d4ee6a08ce9fd3458a99da08c731f08d4310525a3bc11ab8a6a1ddd84335af6fbdf14b361d7b8eafc4e4a897009a56f83490edc303c48ee9

Score

10^/10

vidar 865 stealer

Static task

static1

Behavioral task

behavioral1

Sample

eufive_20210920-185942.exe

Resource

win7-en-20210920

vidar 865 stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

eufive_20210920-185942.exe

Resource

win10v20210408

vidar 865 stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

40.8

Botnet

865

C2

https://pavlovoler.tumblr.com/

Attributes

profile_id
865

Targets

- Target
  
  eufive_20210920-185942
- Size
  
  698KB
- MD5
  
  5e81b47aff27985e4207f97490ae513e
- SHA1
  
  8a215ffa7260c483ab2d7050880bbb66f150a599
- SHA256
  
  7aa72f371bf6a807e7e6c1cd6dfa9131ddc714ce30f6c1ebd36e07f80d2a5707
- SHA512
  
  3787d2bfa087c5e3d4ee6a08ce9fd3458a99da08c731f08d4310525a3bc11ab8a6a1ddd84335af6fbdf14b361d7b8eafc4e4a897009a56f83490edc303c48ee9
Score

10^/10

vidar 865 stealer
- Suspicious use of NtCreateProcessExOtherParentProcess
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar865stealer

behavioral2

vidar865stealer

© 2018-2024

Terms | Privacy