vidar | 36bccef36152628ba35e82a3bb798086f1b46118f9085834029f17a494c2c8df | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7_x64

tmp.exe

windows10-2004_x64

Sharing

General

Target

tmp
Size

377KB
Sample

220512-fnk7laaee3
MD5

3f731ba712e3a286bf832c4c0a20c6c0
SHA1

1a70ef68a6d1b7a7a8d3db6a19ce996ca19d4bf2
SHA256

36bccef36152628ba35e82a3bb798086f1b46118f9085834029f17a494c2c8df
SHA512

f7be97a3ac7ad8fe6be0f70863f25d53a1d4e4ff12fd289358ff448a598507cbf784bfe3f23f03a014756cf31f237fd705374c3eeb1af7fc2a479433249f636d

Score

10^/10

vidar 1364 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20220414-en

vidar 1364 spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20220414-en

vidar 1364 discovery spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

52.1

Botnet

1364

C2

https://t.me/verstappenf1r

https://climatejustice.social/@ronxik312

Attributes

profile_id
1364

Targets

- Target
  
  tmp
- Size
  
  377KB
- MD5
  
  3f731ba712e3a286bf832c4c0a20c6c0
- SHA1
  
  1a70ef68a6d1b7a7a8d3db6a19ce996ca19d4bf2
- SHA256
  
  36bccef36152628ba35e82a3bb798086f1b46118f9085834029f17a494c2c8df
- SHA512
  
  f7be97a3ac7ad8fe6be0f70863f25d53a1d4e4ff12fd289358ff448a598507cbf784bfe3f23f03a014756cf31f237fd705374c3eeb1af7fc2a479433249f636d
Score

10^/10

vidar 1364 spyware stealer suricata discovery
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata
- Vidar Stealer
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1364spywarestealersuricata

behavioral2

vidar1364discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy