vidar | fa9cf0df3f912eb71ab7c15d6fcde93c65b950473a842b4bdaac31ba45fa84f2 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

fa9cf0df3f912eb71ab7c15d6fcde93c65b950473a842b4bdaac31ba45fa84f2
Size

1.5MB
Sample

210926-zz9twafcer
MD5

0df01c1fdfcbbbd3b7b57cbe2c05c3f2
SHA1

8e8c6e4d1855686c234951a90451c2a20d2bbd58
SHA256

fa9cf0df3f912eb71ab7c15d6fcde93c65b950473a842b4bdaac31ba45fa84f2
SHA512

9e7ee27c2adac2b35d6fcc5c7545a09694afd37000338b289045def44f9ad3d18b77cf38bd2a98ff140226525d9a810d63bb53e6e97bf06c9e9520740927b557

Score

10^/10

vidar spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

fa9cf0df3f912eb71ab7c15d6fcde93c65b950473a842b4bdaac31ba45fa84f2.exe

Resource

win10-en-20210920

vidar spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  fa9cf0df3f912eb71ab7c15d6fcde93c65b950473a842b4bdaac31ba45fa84f2
- Size
  
  1.5MB
- MD5
  
  0df01c1fdfcbbbd3b7b57cbe2c05c3f2
- SHA1
  
  8e8c6e4d1855686c234951a90451c2a20d2bbd58
- SHA256
  
  fa9cf0df3f912eb71ab7c15d6fcde93c65b950473a842b4bdaac31ba45fa84f2
- SHA512
  
  9e7ee27c2adac2b35d6fcc5c7545a09694afd37000338b289045def44f9ad3d18b77cf38bd2a98ff140226525d9a810d63bb53e6e97bf06c9e9520740927b557
Score

10^/10

vidar spyware stealer
- Suspicious use of NtCreateProcessExOtherParentProcess
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarspywarestealer

© 2018-2024

Terms | Privacy