Overview

overview

10

Static

static

c7ad7dc565...0d.exe

windows7_x64

10

c7ad7dc565...0d.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c7ad7dc565687b2fe2b2652ffbd135188acb4eef29c2e0d72a116bd988c1e40d

  • Size

    675KB

  • Sample

    220215-gyt3xsdafk

  • MD5

    cef76d7fba522e19ac03269b6275ff3f

  • SHA1

    81cbb61d06fcd512081a5dac97a7865d98d7a22b

  • SHA256

    c7ad7dc565687b2fe2b2652ffbd135188acb4eef29c2e0d72a116bd988c1e40d

  • SHA512

    e4728e26ab451ec452fbb5b61fbc7efe4c7e3c138cb91ed2a4bb75a339bf2ee1cdee9f7fa0c03fb398fea3c6dd87c5075bff0095b6e55811198865550bdab33a

Score
10/10
vidar937stealer

Malware Config

Extracted

Family

vidar

Version

48.1

Botnet

937

C2

https://koyu.space/@rspich

Attributes
  • profile_id

    937

Targets

    • Target

      c7ad7dc565687b2fe2b2652ffbd135188acb4eef29c2e0d72a116bd988c1e40d

    • Size

      675KB

    • MD5

      cef76d7fba522e19ac03269b6275ff3f

    • SHA1

      81cbb61d06fcd512081a5dac97a7865d98d7a22b

    • SHA256

      c7ad7dc565687b2fe2b2652ffbd135188acb4eef29c2e0d72a116bd988c1e40d

    • SHA512

      e4728e26ab451ec452fbb5b61fbc7efe4c7e3c138cb91ed2a4bb75a339bf2ee1cdee9f7fa0c03fb398fea3c6dd87c5075bff0095b6e55811198865550bdab33a

    Score
    10/10
    vidar937stealer

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks