Overview

overview

10

Static

static

c7ad7dc565...0d.exe

windows7_x64

10

c7ad7dc565...0d.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c7ad7dc565687b2fe2b2652ffbd135188acb4eef29c2e0d72a116bd988c1e40d

  • Size

    675KB

  • Sample

    220215-gyt3xsdafk

  • MD5

    cef76d7fba522e19ac03269b6275ff3f

  • SHA1

    81cbb61d06fcd512081a5dac97a7865d98d7a22b

  • SHA256

    c7ad7dc565687b2fe2b2652ffbd135188acb4eef29c2e0d72a116bd988c1e40d

  • SHA512

    e4728e26ab451ec452fbb5b61fbc7efe4c7e3c138cb91ed2a4bb75a339bf2ee1cdee9f7fa0c03fb398fea3c6dd87c5075bff0095b6e55811198865550bdab33a

Score
10/10
vidar937stealer

Malware Config

Extracted

Family

vidar
Version

48.1
Botnet

937
C2

https://koyu.space/@rspich
Attributes
profile_id
937

Targets

    • Target

      c7ad7dc565687b2fe2b2652ffbd135188acb4eef29c2e0d72a116bd988c1e40d

    • Size

      675KB

    • MD5

      cef76d7fba522e19ac03269b6275ff3f

    • SHA1

      81cbb61d06fcd512081a5dac97a7865d98d7a22b

    • SHA256

      c7ad7dc565687b2fe2b2652ffbd135188acb4eef29c2e0d72a116bd988c1e40d

    • SHA512

      e4728e26ab451ec452fbb5b61fbc7efe4c7e3c138cb91ed2a4bb75a339bf2ee1cdee9f7fa0c03fb398fea3c6dd87c5075bff0095b6e55811198865550bdab33a

    Score
    10/10
    vidar937stealer

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer
    behavioral1behavioral2

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation