Overview

overview

10

Static

static

build2.exe

windows7_x64

10

build2.exe

windows10-2004_x64

10

Resubmissions

17-06-2022 20:38

220617-zevjfsfgf6 10

19-04-2022 05:58

220419-gn6c7sbef7 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    build2.exe

  • Size

    603KB

  • Sample

    220419-gn6c7sbef7

  • MD5

    a13e3b18282318c65f096bad322b3c50

  • SHA1

    2c76179e95e583b588bcd516e94e7a2da52d5299

  • SHA256

    ba981a94852325debf0e4b478266f6efd8e4e9c5b149fd9ad277be0be5045768

  • SHA512

    acb009f4b622ab7e8729dac2c45da975ba2305612c9575e5c8ce221edecf2d49da2236fc28b00d8f424a251765b935d8acce7bf40a1557d9fc79ba446250e786

Score
10/10
vidardiscoveryspywarestealer

Malware Config

Targets

    • Target

      build2.exe

    • Size

      603KB

    • MD5

      a13e3b18282318c65f096bad322b3c50

    • SHA1

      2c76179e95e583b588bcd516e94e7a2da52d5299

    • SHA256

      ba981a94852325debf0e4b478266f6efd8e4e9c5b149fd9ad277be0be5045768

    • SHA512

      acb009f4b622ab7e8729dac2c45da975ba2305612c9575e5c8ce221edecf2d49da2236fc28b00d8f424a251765b935d8acce7bf40a1557d9fc79ba446250e786

    Score
    10/10
    vidardiscoveryspywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks