vidar | 7f50a475800b1c3c6b626f94b3e5946ce1e3061ca3752043b7c25a6c2f41e23b | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

7f50a475800b1c3c6b626f94b3e5946ce1e3061ca3752043b7c25a6c2f41e23b
Size

593KB
Sample

210926-ztm3xsfcej
MD5

237152c9f27f8ad0761afdd40b9ac535
SHA1

d608fd4b8ad64d56606fbdd6ac4fc48ae48d060c
SHA256

7f50a475800b1c3c6b626f94b3e5946ce1e3061ca3752043b7c25a6c2f41e23b
SHA512

e8164d900a34e95f40f2d2972d71a82e8a2b3b3aec3411c1ec8ea06a56d0d31725ff64188fda87f1ac86f66cbe64f439f233fb6f9867d7dd4542b0c9c1be30e2

Score

10^/10

vidar discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

7f50a475800b1c3c6b626f94b3e5946ce1e3061ca3752043b7c25a6c2f41e23b.exe

Resource

win10-en-20210920

vidar discovery spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  7f50a475800b1c3c6b626f94b3e5946ce1e3061ca3752043b7c25a6c2f41e23b
- Size
  
  593KB
- MD5
  
  237152c9f27f8ad0761afdd40b9ac535
- SHA1
  
  d608fd4b8ad64d56606fbdd6ac4fc48ae48d060c
- SHA256
  
  7f50a475800b1c3c6b626f94b3e5946ce1e3061ca3752043b7c25a6c2f41e23b
- SHA512
  
  e8164d900a34e95f40f2d2972d71a82e8a2b3b3aec3411c1ec8ea06a56d0d31725ff64188fda87f1ac86f66cbe64f439f233fb6f9867d7dd4542b0c9c1be30e2
Score

10^/10

vidar discovery spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
  suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
  suricata
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
  suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
  suricata
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
  suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
  suricata
- Vidar Stealer
  stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidardiscoveryspywarestealersuricata

© 2018-2024

Terms | Privacy