Overview

overview

10

Static

static

eufive_202...30.exe

windows7_x64

10

eufive_202...30.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eufive_20211228-085730

  • Size

    711KB

  • Sample

    211228-k3qsvadfd8

  • MD5

    fea1fb38720662d886bb0a813d29299b

  • SHA1

    80f00948f2b778f70009d9e8576faf4af4556532

  • SHA256

    46b83f9354b54b8bf6bc36bf0a41d7c9c47dc0bec8fc9b986546589aca54325b

  • SHA512

    af54c484e593d879f1db12d143532d33933c752e0662b56bc56e0fcb8e4896ceebecc13d5ec27cf959ab219d18e3186e1b2cf5e153da5e68b95ff9ceae6f73af

Score
10/10
vidar818discoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

49.2

Botnet

818

C2

https://mstdn.social/@kipriauk9

https://qoto.org/@kipriauk8
Attributes
  • profile_id

    818

Targets

    • Target

      eufive_20211228-085730

    • Size

      711KB

    • MD5

      fea1fb38720662d886bb0a813d29299b

    • SHA1

      80f00948f2b778f70009d9e8576faf4af4556532

    • SHA256

      46b83f9354b54b8bf6bc36bf0a41d7c9c47dc0bec8fc9b986546589aca54325b

    • SHA512

      af54c484e593d879f1db12d143532d33933c752e0662b56bc56e0fcb8e4896ceebecc13d5ec27cf959ab219d18e3186e1b2cf5e153da5e68b95ff9ceae6f73af

    Score
    10/10
    vidar818discoveryspywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks