Overview

overview

10

Static

static

eufive_202...12.exe

windows7_x64

10

eufive_202...12.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eufive_20211226-194912

  • Size

    758KB

  • Sample

    211226-xhhb7abgd3

  • MD5

    188291b02b14f26e740953692cab5e9f

  • SHA1

    26fa3c87d6513b4932847fdc337c8bad503ab59a

  • SHA256

    6c897d149174cb466d136648037e60c26813a0f6a6f4f01f0df39e1bc235e179

  • SHA512

    ba98859951bfc8c2cb8c2638f8644947139d7ea6409b2d470303c73e1562f9cb855bee42b7e7506299713ed930c982d37069dbfac5475274c6db4f337ed23c16

Score
10/10
vidar818discoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

49.2

Botnet

818

C2

https://mstdn.social/@kipriauk9

https://qoto.org/@kipriauk8
Attributes
  • profile_id

    818

Targets

    • Target

      eufive_20211226-194912

    • Size

      758KB

    • MD5

      188291b02b14f26e740953692cab5e9f

    • SHA1

      26fa3c87d6513b4932847fdc337c8bad503ab59a

    • SHA256

      6c897d149174cb466d136648037e60c26813a0f6a6f4f01f0df39e1bc235e179

    • SHA512

      ba98859951bfc8c2cb8c2638f8644947139d7ea6409b2d470303c73e1562f9cb855bee42b7e7506299713ed930c982d37069dbfac5475274c6db4f337ed23c16

    Score
    10/10
    vidar818discoveryspywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks