vidar | 43970e64f251040e9284a4cec968b01cce4a3cd23be67a1f21dd14e54f7a9bf1 | Triage

Sharing

General

Target

Adobe-Photoshop-CC-2022-1.4-main.zip
Size

321.4MB
Sample

220420-11hmfscfb5
MD5

3125bf101de5d7520a8a90e1b83435bb
SHA1

6053ef9976a95be6abe1bc57cd3f32bc7e71e6c0
SHA256

43970e64f251040e9284a4cec968b01cce4a3cd23be67a1f21dd14e54f7a9bf1
SHA512

4b957e35a0922e401020adf8be30aa0e8fe994e8e9815f4a6fc57a81f8629ea41448299d236496c484df62c50b3c2b5a5a25f779f94439273e1252150c6c3984

Score

10^/10

vidar 1199 link pdf persistence spyware stealer

Malware Config

Extracted

Family

vidar

Version

51.8

Botnet

1199

C2

https://t.me/mm20220428

https://koyu.space/@ronxik123

Attributes

profile_id
1199

Targets

- Target
  
  Adobe-Photoshop-CC-2022-1.4-main/Adobe Photoshop.exe
- Size
  
  3.1MB
- MD5
  
  6ae17cb76cdf097d4dc4fcccfb5abd8a
- SHA1
  
  93ff6dadfeb9711ae0e1abfaaaf2310283648048
- SHA256
  
  b7981244c7c3d79872799387efa6656ba1dd82055d6ae59c2f788690fca357b0
- SHA512
  
  65cbe2a5155eead125b11d8be86f48a0b71f87b34cca8fe1af09466fcc4a754ac06cb10b48f396065bc03e764dc6e89317ba51e615fba49f950341d86ab5fe77
Score

10^/10

vidar 1199 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Adobe-Photoshop-CC-2022-1.4-main/packages/Resources/products/packages/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe
- Size
  
  93KB
- MD5
  
  2ff41c1cdfb7f392ef9f600f083e0aca
- SHA1
  
  e5e55cee5bb93a0ab0d9034d973ae3af0ebca2a0
- SHA256
  
  b9a278cd7f3539f86fc65fb19a7ece72a3b3870f0e3f042cc1d6ab089196b8aa
- SHA512
  
  577ff4989edbaea5e43ae30d0dc84a936d2affee6f841ede8563f4003b2f2bec8da7d9c8d0a6c480183be47f09ab883c188246178f1f4363ac09a627b612b0ef
Score

1^/10
behavioral3 behavioral4
- Target
  
  Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe
- Size
  
  93KB
- MD5
  
  2ff41c1cdfb7f392ef9f600f083e0aca
- SHA1
  
  e5e55cee5bb93a0ab0d9034d973ae3af0ebca2a0
- SHA256
  
  b9a278cd7f3539f86fc65fb19a7ece72a3b3870f0e3f042cc1d6ab089196b8aa
- SHA512
  
  577ff4989edbaea5e43ae30d0dc84a936d2affee6f841ede8563f4003b2f2bec8da7d9c8d0a6c480183be47f09ab883c188246178f1f4363ac09a627b612b0ef
Score

1^/10
behavioral5 behavioral6
- Target
  
  Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe
- Size
  
  93KB
- MD5
  
  2ff41c1cdfb7f392ef9f600f083e0aca
- SHA1
  
  e5e55cee5bb93a0ab0d9034d973ae3af0ebca2a0
- SHA256
  
  b9a278cd7f3539f86fc65fb19a7ece72a3b3870f0e3f042cc1d6ab089196b8aa
- SHA512
  
  577ff4989edbaea5e43ae30d0dc84a936d2affee6f841ede8563f4003b2f2bec8da7d9c8d0a6c480183be47f09ab883c188246178f1f4363ac09a627b612b0ef
Score

1^/10
behavioral7 behavioral8
- Target
  
  Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/msolui110.dll
- Size
  
  273KB
- MD5
  
  b6af6111d1504a5de92583bfc0a2d699
- SHA1
  
  81642a0e0d2a68c883c2e8d422c73ff9712874ea
- SHA256
  
  9eb8972854d766abbb643f237edf090f055151d78eb15b83414628e49712318f
- SHA512
  
  a547ec2b77aa3fd5615062953f47d7558e271a1efe772e07dd0cd910e8a3db511f5cfa81aba19085623ebe22c96d7e31e8aca96f95ba75a22c02356079474d19
Score

1^/10
behavioral9 behavioral10
- Target
  
  Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/xmsrv ? ?????.dll
- Size
  
  30.1MB
- MD5
  
  1aea956e1b619bf7a19d8273c4746377
- SHA1
  
  a4d1c8362cfc5186dba47660bcd262dcd15ad7f4
- SHA256
  
  4a0934949784137f30f3f3b60f8cd8e10ffed0aa0d4eece58a3792072522611b
- SHA512
  
  8e192ab562f0c7cb122a525868376204229cea36d9521d521891b8f904d4888ae0ae8ca1717daf89c2379192a57462cf83afaae212db1213da47016a040c1a24
Score

3^/10
behavioral11 behavioral12
- Target
  
  Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/xmsrv.dll
- Size
  
  30.1MB
- MD5
  
  1aea956e1b619bf7a19d8273c4746377
- SHA1
  
  a4d1c8362cfc5186dba47660bcd262dcd15ad7f4
- SHA256
  
  4a0934949784137f30f3f3b60f8cd8e10ffed0aa0d4eece58a3792072522611b
- SHA512
  
  8e192ab562f0c7cb122a525868376204229cea36d9521d521891b8f904d4888ae0ae8ca1717daf89c2379192a57462cf83afaae212db1213da47016a040c1a24
Score

3^/10
behavioral13 behavioral14
- Target
  
  Adobe-Photoshop-CC-2022-1.4-main/packages/packages/CompatProvider.dll
- Size
  
  153KB
- MD5
  
  3fdd65dc6f4cde851ae0bb6131ad64a6
- SHA1
  
  cbd59cde42d7486fa26cdf74240c536b3a21759d
- SHA256
  
  bc324ad41c0a846bcfdca8f77b6a31038f9c85c546810e61ad256c7169232203
- SHA512
  
  14663ff5f948bdd15a5a2ef6c8c22d3ecf34de81676fa434c3ba9a8907673896ea7e68d687fe9d77ec3702be992f42cd4283408682386708fcbc5cff64051596
Score

1^/10
behavioral15 behavioral16
- Target
  
  Adobe-Photoshop-CC-2022-1.4-main/packages/packages/DismCore.dll
- Size
  
  363KB
- MD5
  
  79905089a5314275bf6ec460e51b90fa
- SHA1
  
  ac866e2a717f935c5b0f9a2d03a0ba5853be1982
- SHA256
  
  70b3822c5eed203b66a732cc28a70f0d97041ba4b59782b01e6d764ee0a8e80f
- SHA512
  
  55ab86bbdfa0d8ad915c5f0d6c8ce5c49eb699fd305a94a974c996a2db6a3cc547ceac6ec737cb7f7ba71ab2805b9a18535ae3ddb582bd2c556958ddcbeeaeaa
Score

1^/10
behavioral17 behavioral18
- Target
  
  Adobe-Photoshop-CC-2022-1.4-main/packages/packages/DismCorePS.dll
- Size
  
  151KB
- MD5
  
  b660794b7cfdc709e2e7f5f6ae2da336
- SHA1
  
  aad485e91300bdfe2692623690e8a6b4f72caa7e
- SHA256
  
  c9028ee0dda7e53254db71472b3cef96e13931d97a1ae2919446c4b946cbc22d
- SHA512
  
  e68ca373ff4b363368f4fe61dbe939cafcd4e2cc675d5babb937948593fb0527340da63d5b2617659af5fe04ed99174be42ffbf6142a8986266fdadf99d46d00
Score

10^/10

persistence
- Registers COM server for autorun
  persistence
behavioral19 behavioral20
- Target
  
  Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/ASIO4ALL Web Site.url
- Size
  
  91B
- MD5
  
  a6d72092d0120cb068e3035ff2e80b16
- SHA1
  
  ddd7bfcadca2a2fed15ca78ad13ef456dabb11b3
- SHA256
  
  2d5b39d9770f6e128ca6d240d469c276186409e76b434471b822d4910275feda
- SHA512
  
  50b36728b005918c9054bf45fc129c7b0f45cf447f6695e2426322d5f1a3158192e8448a05a9bbc730a38b07a47a5d61cbcbd51638324d7da2e8bb4035a9bdf8
Score

1^/10
behavioral21 behavioral22
- Target
  
  Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/ASIO4ALL v2 Instruction Manual.pdf
- Size
  
  247KB
- MD5
  
  882f5c35fe9bd596cef83b7582a6b47b
- SHA1
  
  70ebbd871b4e1b33487178e8e9b017b9c15f3f73
- SHA256
  
  94ce78f6b9b6d42c2c1a149e074e7f3aa2394dc5be002996a16d0b425a7a3f55
- SHA512
  
  3a61411a1bb4872f626ebce8bf8c7046ea20f01f7bd66caf051f276e0ec52a4359a6b6c4c0d5a84e4528f5220c67e49f57f309f497d8da3edd25b39ff328702a
Score

1^/10
behavioral23 behavioral24
- Target
  
  Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/a4apanel.exe
- Size
  
  6KB
- MD5
  
  21626ffae5a122daa94a2822f225b301
- SHA1
  
  f844f22a31da173717efee29e89694266a98378e
- SHA256
  
  00ae1d1a986c6f6b70d92c15417db03d4e35cdb8178f2abb388c8b22974f786a
- SHA512
  
  64ced3bd75babc01cc1c0567dbc24333b1f18d9ddda5b82fe203efcbd5dd1e126450d346e94d1ff2c9e6d57750e1bcef19b352341fdc9d0fb05b2554275229bb
Score

1^/10
behavioral25 behavioral26
- Target
  
  Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/a4apanel64.exe
- Size
  
  6KB
- MD5
  
  861265483c1d6bcaacce89ea743c1976
- SHA1
  
  983ac5c87f531135b6c64bad182ff6cff65439f2
- SHA256
  
  2933beb43caf5d8fb3ba422630f99516abebb7ca8b8ba6371cca51d6cb6d67b2
- SHA512
  
  6e2443fcd7ed9fcb8e1fe024078581962f73eca3d50688e76b52e8f340d267aaa3df745558ddaa2a07a8ab74f46e5cff9495ae63fcea4b9057ebe997de3200a0
Score

1^/10
behavioral27 behavioral28
- Target
  
  Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/asio4all.dll
- Size
  
  115KB
- MD5
  
  de9b771e11a5800254354124e16856ee
- SHA1
  
  d86ec1217077f65bdae1bc207ba16ad5ed98feaf
- SHA256
  
  f53f755e8ae24f9e6d1b925bf32702cf4bd0a92511f87d6c3503830a1fbef9da
- SHA512
  
  ea0c022843997c05d9d542479dc8c32e6df9bb0e936b1d3e12aeba3ee46b45cee059e640bc0fa777535befc1cfb9d08cddfc32c6090999c19a4171cf479ababd
Score

1^/10
behavioral29 behavioral30
- Target
  
  Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/asio4all64.dll
- Size
  
  142KB
- MD5
  
  74edb1ea4bee5a60a683b5bb801f3574
- SHA1
  
  55b62e45e7cf3e4b7255c1f3841c886394c8d851
- SHA256
  
  5564e99ce1d0ec73e762156af09e3d22bfec7af6f1bdcabe81e64825c7ca53da
- SHA512
  
  ff6b8ff3f7f68e2700591991a1b862b2c3311a349c27c0facd0a0277c6394e905162f0637ab48eaa94515af29700d2031838cdaf997f7d6c0d521e3a20114266
Score

10^/10

persistence
- Registers COM server for autorun
  persistence
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

vidar1199spywarestealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32