vidar | 7583535db1acd3e82f0d8359614568baa860264c93a9b70ad8be6819eb4e952a | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

7583535db1acd3e82f0d8359614568baa860264c93a9b70ad8be6819eb4e952a
Size

666KB
Sample

220222-wahgjscheq
MD5

d9b9cec66f47749fd256f14cfcb1245c
SHA1

f7ecc1acee663ba30e7d5faa105a344f6f145a61
SHA256

7583535db1acd3e82f0d8359614568baa860264c93a9b70ad8be6819eb4e952a
SHA512

6f036d7e01670b09099b23f4a9a2518752968fffa238f255981c836d4c60de9339920d6a70172f46aead52bdafd24c28e65704a3f975767ed2018b2e61980cc1

Score

10^/10

vidar 565 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

7583535db1acd3e82f0d8359614568baa860264c93a9b70ad8be6819eb4e952a.exe

Resource

win10-en-20211208

vidar 565 discovery spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

50.3

Botnet

565

C2

https://mastodon.social/@kill5rnax

https://noc.social/@kill6nix

Attributes

profile_id
565

Targets

- Target
  
  7583535db1acd3e82f0d8359614568baa860264c93a9b70ad8be6819eb4e952a
- Size
  
  666KB
- MD5
  
  d9b9cec66f47749fd256f14cfcb1245c
- SHA1
  
  f7ecc1acee663ba30e7d5faa105a344f6f145a61
- SHA256
  
  7583535db1acd3e82f0d8359614568baa860264c93a9b70ad8be6819eb4e952a
- SHA512
  
  6f036d7e01670b09099b23f4a9a2518752968fffa238f255981c836d4c60de9339920d6a70172f46aead52bdafd24c28e65704a3f975767ed2018b2e61980cc1
Score

10^/10

vidar 565 discovery spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
  suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
  suricata
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
  suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
  suricata
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
  suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
  suricata
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
  suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
  suricata
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
  suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
  suricata
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata
- Vidar Stealer
  stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar565discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy