Overview

overview

10

Static

static

bc8f0bfb94...58.exe

windows7_x64

10

bc8f0bfb94...58.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bc8f0bfb94d9a4455282bb072b79e858.exe

  • Size

    683KB

  • Sample

    211013-lkehjadhc4

  • MD5

    bc8f0bfb94d9a4455282bb072b79e858

  • SHA1

    bb004397b82ba101f65a6aa9e8c7533061c01e2b

  • SHA256

    1fbbaa6cfa20d6e11a3e5e4ba0702f608d474cbf5a86eef891fb57a671c684be

  • SHA512

    60a40427f9011abc97e48dace42c8b0d9f39b1416e0d8dd27bab1110d99248fb8e273bd4218b8427bf6a4525c6d157b021703e43d5c5473d95f26f6e7d5ef1ad

Score
10/10
vidar1008discoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

41.3

Botnet

1008

C2

https://mas.to/@oleg98

Attributes
  • profile_id

    1008

Targets

    • Target

      bc8f0bfb94d9a4455282bb072b79e858.exe

    • Size

      683KB

    • MD5

      bc8f0bfb94d9a4455282bb072b79e858

    • SHA1

      bb004397b82ba101f65a6aa9e8c7533061c01e2b

    • SHA256

      1fbbaa6cfa20d6e11a3e5e4ba0702f608d474cbf5a86eef891fb57a671c684be

    • SHA512

      60a40427f9011abc97e48dace42c8b0d9f39b1416e0d8dd27bab1110d99248fb8e273bd4218b8427bf6a4525c6d157b021703e43d5c5473d95f26f6e7d5ef1ad

    Score
    10/10
    vidar1008stealerdiscoveryspyware

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks