vidar | d477ad3c2013fd0471729aa76d86474c70abc3b318eafaeac1578d443fe3bdb3

Sharing

Copy URL

Twitter E-mail

General

Target

d477ad3c2013fd0471729aa76d86474c70abc3b318eafaeac1578d443fe3bdb3
Size

682KB
MD5

36f839a4fb92bb63426ea56622d0f33e
SHA1

22a165166f6f87cb70a7aaa0ef8f906c1e0657a6
SHA256

d477ad3c2013fd0471729aa76d86474c70abc3b318eafaeac1578d443fe3bdb3
SHA512

a0a7b7b7cc986a4901b4f4f4eaa3018fe8ae3fd9a95ad9bf2122ce10fb57651ddefa12c14b8d1050cdc514ae446d5f64c80c6d6fbd9a2104eacc70be671b9fe4
SSDEEP

12288:Dvcv7hQrw/VWllasL3g8gNEWk8G3QsuPkld/I4zzhIn4E8J2BcEASjF+24y9Qhe:jauqtsx5lGxjI/IUWRhUXNdFZI4Ulk3

Score

10^/10

stealer 565 vidar

Malware Config

Extracted

Family

vidar

Version

50.2

Botnet

565

https://c.im/@killern3ax

https://qoto.org/@kill4rnix

Attributes

profile_id
565

Signatures

Vidar Stealer 1 IoCs
stealer

Processes:

resource yara_rule

sample family_vidar
Vidar family
vidar

resource	yara_rule
sample	family_vidar

Files

d477ad3c2013fd0471729aa76d86474c70abc3b318eafaeac1578d443fe3bdb3
.exe windows x86

764f2c8a1402bd58514309fa518ccb90

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
LocalAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
LocalFree
lstrcmpA
FindFirstFileW
GetDriveTypeA
lstrcatA
lstrcmpW
CreateDirectoryA
SetCurrentDirectoryA
FindFirstFileA
GetLogicalDriveStringsA
CopyFileA
FindClose
FindNextFileA
lstrcatW
FindNextFileW
DeleteFileW
GetCurrentProcessId
lstrcpyW
DeleteFileA
CopyFileW
CreateFileA
GetFileSize
WriteFile
ReadFile
MultiByteToWideChar
CloseHandle
FreeLibrary
Process32First
OpenProcess
GetFileAttributesA
TerminateProcess
FileTimeToSystemTime
GetFileSizeEx
GetProcAddress
LoadLibraryA
Process32Next
GetPrivateProfileSectionNamesA
GetCurrentDirectoryA
CreateToolhelp32Snapshot
GetVersionExA
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateMutexW
HeapCompact
SetFilePointer
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
SystemTimeToFileTime
QueryPerformanceCounter
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
VirtualAlloc
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
InitializeCriticalSection
LoadLibraryW
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
HeapCreate
HeapValidate
GetFileAttributesW
CreateFileW
FlushFileBuffers
GetTempPathW
GetLastError
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetTempPathA
GetSystemTime
AreFileApisANSI
GetComputerNameA
GetUserDefaultLocaleName
GlobalMemoryStatus
GetLocaleInfoA
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation
IsWow64Process
GetModuleHandleA
GetLocalTime
GetFileInformationByHandle
CompareStringW
SetStdHandle
Sleep
VirtualAllocExNuma
VirtualFree
GetCurrentProcess
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
SetEnvironmentVariableA
SetEnvironmentVariableW
GetConsoleMode
GetConsoleCP
GetModuleFileNameW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetTickCount
ExitProcess
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
ExitThread
CreateThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetStdHandle
GetFileType
GetACP
GetOEMCP
WriteConsoleW

user32

GetDesktopWindow

advapi32

GetUserNameA
RegEnumValueA
RegOpenKeyExA

shell32

ShellExecuteA
SHFileOperationA
SHGetFolderPathA

shlwapi

PathMatchSpecA
PathMatchSpecW
ord155

gdiplus

GdiplusStartup
GdipCloneImage
GdipSaveImageToFile
GdiplusShutdown
GdipFree
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders

crypt32

CryptUnprotectData

Sections

.text
Size: 541KB - Virtual size: 541KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

764f2c8a1402bd58514309fa518ccb90

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

gdiplus

crypt32

Sections

.text Size: 541KB - Virtual size: 541KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 11KB - Virtual size: 22KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 541KB - Virtual size: 541KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 11KB - Virtual size: 22KB

.reloc
Size: 25KB - Virtual size: 25KB