Overview

overview

10

Static

static

eufive_202...01.exe

windows7_x64

10

eufive_202...01.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eufive_20211008-091601

  • Size

    654KB

  • Sample

    211008-klqfradfh3

  • MD5

    57a7b6ebf21b3252d371bbdfa02dfc1a

  • SHA1

    ee4a57dcaee02dc918edc6687868254d28625fc5

  • SHA256

    43769a07da5087e26b49607e22b2bc46daeb80c8c6549675709839729f5ca637

  • SHA512

    70ec1f2104c3eb61856e494fde94c2160d545fbd087c967bc8650722ef60fe68e026656413e12fbbfa0fbde1f1f3e6ac0547fe3f241464d55b59d5c7128390f5

Score
10/10
vidar865discoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

41.2

Botnet

865

C2

https://mas.to/@serg4325

Attributes
  • profile_id

    865

Targets

    • Target

      eufive_20211008-091601

    • Size

      654KB

    • MD5

      57a7b6ebf21b3252d371bbdfa02dfc1a

    • SHA1

      ee4a57dcaee02dc918edc6687868254d28625fc5

    • SHA256

      43769a07da5087e26b49607e22b2bc46daeb80c8c6549675709839729f5ca637

    • SHA512

      70ec1f2104c3eb61856e494fde94c2160d545fbd087c967bc8650722ef60fe68e026656413e12fbbfa0fbde1f1f3e6ac0547fe3f241464d55b59d5c7128390f5

    Score
    10/10
    vidar865stealerdiscoveryspyware

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks