vidar | 012c19bf28e36393c72190979caeba798f55af69a7a2cb8ebea1f86b5fa28647 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

012c19bf28e36393c72190979caeba798f55af69a7a2cb8ebea1f86b5fa28647
Size

743KB
Sample

211013-nmp36adghj
MD5

ac055657ca51f6f287dc274e7d2f5408
SHA1

21b13846032ca370cbe5dbf7d517f5939d951063
SHA256

012c19bf28e36393c72190979caeba798f55af69a7a2cb8ebea1f86b5fa28647
SHA512

cc23b955d3f68c000f8963a9521fc10a3e9c1387d78434e4e1793c31718c7e3f3d366924e0d721035849246ead53865cf9926373b0cc0555ba3f628ff993968b

Score

10^/10

vidar 1008 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

012c19bf28e36393c72190979caeba798f55af69a7a2cb8ebea1f86b5fa28647.exe

Resource

win10v20210408

vidar 1008 discovery spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

41.3

Botnet

1008

C2

https://mas.to/@oleg98

Attributes

profile_id
1008

Targets

- Target
  
  012c19bf28e36393c72190979caeba798f55af69a7a2cb8ebea1f86b5fa28647
- Size
  
  743KB
- MD5
  
  ac055657ca51f6f287dc274e7d2f5408
- SHA1
  
  21b13846032ca370cbe5dbf7d517f5939d951063
- SHA256
  
  012c19bf28e36393c72190979caeba798f55af69a7a2cb8ebea1f86b5fa28647
- SHA512
  
  cc23b955d3f68c000f8963a9521fc10a3e9c1387d78434e4e1793c31718c7e3f3d366924e0d721035849246ead53865cf9926373b0cc0555ba3f628ff993968b
Score

10^/10

vidar 1008 discovery spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
  suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
  suricata
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
  suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
  suricata
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
  suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
  suricata
- Vidar Stealer
  stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1008discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy