vidar | fe96a24886ace072952dae318c99362572ff421c903ab154cf73d8649530c587 | Triage

Submit
Reports

Overview

overview

Static

static

eufive_202...2).exe

windows7_x64

eufive_202...2).exe

windows10_x64

Sharing

General

Target

eufive_20211108-162929(2)
Size

688KB
Sample

211108-xpsfqschd6
MD5

3f36f9d968431d0945b78ebca0a4adbb
SHA1

ad058a3f84037b7f5e442960d4bf388549ab0057
SHA256

fe96a24886ace072952dae318c99362572ff421c903ab154cf73d8649530c587
SHA512

aae4d9bc11077ced64d2cf1c96a428462c010231bd40cde83e44f10794a3f9c4807061bb4f09dd68370125af033558ccadaa44a923f0093589704ae63553e183

Score

10^/10

vidar 824 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

eufive_20211108-162929(2).exe

Resource

win7-en-20211104

vidar 824 discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

eufive_20211108-162929(2).exe

Resource

win10-en-20211014

vidar 824 stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

48.1

Botnet

824

C2

https://koyu.space/@rspich

Attributes

profile_id
824

Targets

- Target
  
  eufive_20211108-162929(2)
- Size
  
  688KB
- MD5
  
  3f36f9d968431d0945b78ebca0a4adbb
- SHA1
  
  ad058a3f84037b7f5e442960d4bf388549ab0057
- SHA256
  
  fe96a24886ace072952dae318c99362572ff421c903ab154cf73d8649530c587
- SHA512
  
  aae4d9bc11077ced64d2cf1c96a428462c010231bd40cde83e44f10794a3f9c4807061bb4f09dd68370125af033558ccadaa44a923f0093589704ae63553e183
Score

10^/10

vidar 824 discovery spyware stealer
- Suspicious use of NtCreateProcessExOtherParentProcess
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar824discoveryspywarestealer

behavioral2

vidar824stealer

© 2018-2024

Terms | Privacy