Overview

overview

10

Static

static

4ed7609cbb...ff.exe

windows7_x64

10

4ed7609cbb...ff.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4ed7609cbb86ea0b7607b8a002e7f85b316903c3b6801240c9576aae8b3052ff

  • Size

    618KB

  • Sample

    220215-qr8geafch7

  • MD5

    353a21b3835ac7c17a82af79302d23cc

  • SHA1

    03e96fc686cc15a0bb26186ecb4fe63e6b841c4b

  • SHA256

    4ed7609cbb86ea0b7607b8a002e7f85b316903c3b6801240c9576aae8b3052ff

  • SHA512

    fccacf9a70f9151f081caa6c2d32c2cee3fb3e3c95ce10ee5c632f3007f54c5513b024fc10c9abc9eb9c7703e197360d569040ec3e47d182a123079cba0743dc

Score
10/10
vidar937stealer

Malware Config

Extracted

Family

vidar
Version

41.7
Botnet

937
C2

https://mas.to/@lenka51
Attributes
profile_id
937

Targets

    • Target

      4ed7609cbb86ea0b7607b8a002e7f85b316903c3b6801240c9576aae8b3052ff

    • Size

      618KB

    • MD5

      353a21b3835ac7c17a82af79302d23cc

    • SHA1

      03e96fc686cc15a0bb26186ecb4fe63e6b841c4b

    • SHA256

      4ed7609cbb86ea0b7607b8a002e7f85b316903c3b6801240c9576aae8b3052ff

    • SHA512

      fccacf9a70f9151f081caa6c2d32c2cee3fb3e3c95ce10ee5c632f3007f54c5513b024fc10c9abc9eb9c7703e197360d569040ec3e47d182a123079cba0743dc

    Score
    10/10
    vidar937stealer

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer
    behavioral1behavioral2

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation