Overview

overview

10

Static

static

4401cc5459...ac.exe

windows7_x64

10

4401cc5459...ac.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4401cc5459665a04cab4be3e7930ab187e86908b056ad321e19b3b0e8fc255ac

  • Size

    602KB

  • Sample

    220215-q7129sghcm

  • MD5

    21bb6f6da4d85a40fea01d98c2132b50

  • SHA1

    eebad8256656b3113eba7321bcce467a61a98322

  • SHA256

    4401cc5459665a04cab4be3e7930ab187e86908b056ad321e19b3b0e8fc255ac

  • SHA512

    3b1b4c91181d5b286e795afc5ef3549f1473595aa5a69cb51d6d9b31dcda284003d682f1bf3f24d663f4b552ac991996169107c9ac1707901c0fe0ba57f61d9f

Score
10/10
vidar937stealer

Malware Config

Extracted

Family

vidar

Version

47.9

Botnet

937

C2

https://mas.to/@kirpich

Attributes
  • profile_id

    937

Targets

    • Target

      4401cc5459665a04cab4be3e7930ab187e86908b056ad321e19b3b0e8fc255ac

    • Size

      602KB

    • MD5

      21bb6f6da4d85a40fea01d98c2132b50

    • SHA1

      eebad8256656b3113eba7321bcce467a61a98322

    • SHA256

      4401cc5459665a04cab4be3e7930ab187e86908b056ad321e19b3b0e8fc255ac

    • SHA512

      3b1b4c91181d5b286e795afc5ef3549f1473595aa5a69cb51d6d9b31dcda284003d682f1bf3f24d663f4b552ac991996169107c9ac1707901c0fe0ba57f61d9f

    Score
    10/10
    vidar937stealer

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks