vidar | 532bc078a68683ce70cb765191a128fadee2a23180b1a8e8a16b72f1a8ee291a | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Resubmissions

22-01-2023 15:20

230122-sq122sgd59 10

18-01-2022 00:18

220118-alwyesegdk 10

Sharing

General

Target

532bc078a68683ce70cb765191a128fadee2a23180b1a8e8a16b72f1a8ee291a
Size

858KB
Sample

220118-alwyesegdk
MD5

d305c0176dc9a1f3daf516e6034f2b57
SHA1

87faa41997ee2187247d117081d46284193fabda
SHA256

532bc078a68683ce70cb765191a128fadee2a23180b1a8e8a16b72f1a8ee291a
SHA512

8f7ca5e48f4f21d8429d0719caa6dd705d74c466392c1e91d372915aa8e4855789cd288d94567a59d301cc7335e55c8e0836b3280199ee9001149ab6b36a0a8e

Score

10^/10

vidar 1131 discovery spyware stealer suricata

Static task

static1

stealer 1131 vidar

Behavioral task

behavioral1

Sample

532bc078a68683ce70cb765191a128fadee2a23180b1a8e8a16b72f1a8ee291a.exe

Resource

win10v2004-en-20220113

vidar discovery spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

49.7

Botnet

1131

C2

https://mastodon.online/@prophef1

https://koyu.space/@prophef2

Attributes

profile_id
1131

Targets

- Target
  
  532bc078a68683ce70cb765191a128fadee2a23180b1a8e8a16b72f1a8ee291a
- Size
  
  858KB
- MD5
  
  d305c0176dc9a1f3daf516e6034f2b57
- SHA1
  
  87faa41997ee2187247d117081d46284193fabda
- SHA256
  
  532bc078a68683ce70cb765191a128fadee2a23180b1a8e8a16b72f1a8ee291a
- SHA512
  
  8f7ca5e48f4f21d8429d0719caa6dd705d74c466392c1e91d372915aa8e4855789cd288d94567a59d301cc7335e55c8e0836b3280199ee9001149ab6b36a0a8e
Score

10^/10

vidar discovery spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
  suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

stealer1131vidar

behavioral1

vidardiscoveryspywarestealersuricata

© 2018-2024

Terms | Privacy