vidar | 03fafd53235a01c35c4fb70937ee5d0491884e71101e7815a1b478d4ef419049 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

03fafd53235a01c35c4fb70937ee5d0491884e71101e7815a1b478d4ef419049
Size

2.2MB
Sample

220112-mej2haccfq
MD5

93deb09e91071fc2719d2dbe85c65005
SHA1

5680e41dcb4852c7e0f19762a9cdf71d2e714ea5
SHA256

03fafd53235a01c35c4fb70937ee5d0491884e71101e7815a1b478d4ef419049
SHA512

16d8f38ee0852c5f6e4488fb8779e42cbdf8cf3c493087be19e3081fe4a65335538571b1f620c8af818254def06fec685827ab03a93a99636d8dc82de25b4093

Score

10^/10

vidar 1125 spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

03fafd53235a01c35c4fb70937ee5d0491884e71101e7815a1b478d4ef419049.exe

Resource

win10-en-20211208

vidar 1125 spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

49.6

Botnet

1125

C2

https://noc.social/@banda5ker

https://mastodon.social/@banda6ker

Attributes

profile_id
1125

Targets

- Target
  
  03fafd53235a01c35c4fb70937ee5d0491884e71101e7815a1b478d4ef419049
- Size
  
  2.2MB
- MD5
  
  93deb09e91071fc2719d2dbe85c65005
- SHA1
  
  5680e41dcb4852c7e0f19762a9cdf71d2e714ea5
- SHA256
  
  03fafd53235a01c35c4fb70937ee5d0491884e71101e7815a1b478d4ef419049
- SHA512
  
  16d8f38ee0852c5f6e4488fb8779e42cbdf8cf3c493087be19e3081fe4a65335538571b1f620c8af818254def06fec685827ab03a93a99636d8dc82de25b4093
Score

10^/10

vidar 1125 spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata
- Vidar Stealer
  stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1125spywarestealersuricata

© 2018-2024

Terms | Privacy