Overview

overview

10

Static

static

eufive_202...23.exe

windows7_x64

10

eufive_202...23.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eufive_20211022-051123

  • Size

    717KB

  • Sample

    211022-k2pjdsccdj

  • MD5

    0759213189cbf639054841385550f38b

  • SHA1

    a40ab4607eb157c846c30b6358b770890e510ef8

  • SHA256

    c790630bbea74a5d2a9b972c63125749443295944a1d97a666c7f7bf28db6b5c

  • SHA512

    df0d934d26d7e9c76947c5be3df686f6dcd352ca2ce58c74e80393387b2af20facfea48b1b377897c15f14bf3acfbf13abe6ec00bfa42caaccdd9b959cf5c9e9

Score
10/10
vidar865discoveryspywarestealersuricata

Malware Config

Extracted

Family

vidar

Version

41.5

Botnet

865

C2

https://mas.to/@xeroxxx

Attributes
  • profile_id

    865

Targets

    • Target

      eufive_20211022-051123

    • Size

      717KB

    • MD5

      0759213189cbf639054841385550f38b

    • SHA1

      a40ab4607eb157c846c30b6358b770890e510ef8

    • SHA256

      c790630bbea74a5d2a9b972c63125749443295944a1d97a666c7f7bf28db6b5c

    • SHA512

      df0d934d26d7e9c76947c5be3df686f6dcd352ca2ce58c74e80393387b2af20facfea48b1b377897c15f14bf3acfbf13abe6ec00bfa42caaccdd9b959cf5c9e9

    Score
    10/10
    vidar865stealerdiscoveryspywaresuricata

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

      suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

      suricata

    • suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

      suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

      suricata

    • Vidar Stealer

      stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks