vidar | adc533afdb78f5b2509ce98d5ba8f2fce025675246532a0a0454acf4b02cb640 | Triage

Submit
Reports

Overview

overview

Static

static

7a3819cbe5...48.exe

windows7_x64

7a3819cbe5...48.exe

windows10-2004_x64

Sharing

General

Target

7a3819cbe5eb3cdf1ea422b4e9893948.exe
Size

354KB
Sample

220510-nnw8vsggb8
MD5

7a3819cbe5eb3cdf1ea422b4e9893948
SHA1

e3281fd96083ffe4ccbf2c0da578630f08b87a61
SHA256

adc533afdb78f5b2509ce98d5ba8f2fce025675246532a0a0454acf4b02cb640
SHA512

2e06e6cef4d2fbb3d13bdc27e01d6b43c5f3d08456806099def329fc0fe59a0fb2c16ad210290da3bb16f3925f7e261056a97c10c1464d2997a7ad2727e39e2e

Score

10^/10

vidar 1163 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

7a3819cbe5eb3cdf1ea422b4e9893948.exe

Resource

win7-20220414-en

vidar 1163 discovery spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7a3819cbe5eb3cdf1ea422b4e9893948.exe

Resource

win10v2004-20220414-en

vidar 1163 discovery spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

52.1

Botnet

1163

C2

https://t.me/verstappenf1r

https://climatejustice.social/@ronxik312

Attributes

profile_id
1163

Targets

- Target
  
  7a3819cbe5eb3cdf1ea422b4e9893948.exe
- Size
  
  354KB
- MD5
  
  7a3819cbe5eb3cdf1ea422b4e9893948
- SHA1
  
  e3281fd96083ffe4ccbf2c0da578630f08b87a61
- SHA256
  
  adc533afdb78f5b2509ce98d5ba8f2fce025675246532a0a0454acf4b02cb640
- SHA512
  
  2e06e6cef4d2fbb3d13bdc27e01d6b43c5f3d08456806099def329fc0fe59a0fb2c16ad210290da3bb16f3925f7e261056a97c10c1464d2997a7ad2727e39e2e
Score

10^/10

vidar 1163 discovery spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata
- Vidar Stealer
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1163discoveryspywarestealersuricata

behavioral2

vidar1163discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy