vidar | 76c560825257c1a9fe8e31d9a93b8c8d3dad624d54bdea3d22bafda20c1ef6e7 | Triage

Submit
Reports

Overview

overview

Static

static

eufive_202...01.exe

windows7_x64

eufive_202...01.exe

windows10_x64

Sharing

General

Target

eufive_20210921-095401
Size

670KB
Sample

210926-nzah8segf3
MD5

682f92fd27185d119b0397f418c7708a
SHA1

d506de8c8f55882cd55479734bd3100d1ffeac4b
SHA256

76c560825257c1a9fe8e31d9a93b8c8d3dad624d54bdea3d22bafda20c1ef6e7
SHA512

b1299f8f9bb5fa5022a50b2bdda602f3a7ecfc544820c55ee1ca93f2cfda10724a173d46bca03a9447690b3d4ee807b2cd8f0df51469fb6c43c5c35661d9460a

Score

10^/10

vidar 865 stealer

Static task

static1

Behavioral task

behavioral1

Sample

eufive_20210921-095401.exe

Resource

win7v20210408

vidar 865 stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

eufive_20210921-095401.exe

Resource

win10-en-20210920

vidar 865 stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

40.8

Botnet

865

C2

https://pavlovoler.tumblr.com/

Attributes

profile_id
865

Targets

- Target
  
  eufive_20210921-095401
- Size
  
  670KB
- MD5
  
  682f92fd27185d119b0397f418c7708a
- SHA1
  
  d506de8c8f55882cd55479734bd3100d1ffeac4b
- SHA256
  
  76c560825257c1a9fe8e31d9a93b8c8d3dad624d54bdea3d22bafda20c1ef6e7
- SHA512
  
  b1299f8f9bb5fa5022a50b2bdda602f3a7ecfc544820c55ee1ca93f2cfda10724a173d46bca03a9447690b3d4ee807b2cd8f0df51469fb6c43c5c35661d9460a
Score

10^/10

vidar 865 stealer
- Suspicious use of NtCreateProcessExOtherParentProcess
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar865stealer

behavioral2

vidar865stealer

© 2018-2024

Terms | Privacy