vidar | aacab9cbbf292403a63bcfd1f6f0a9e534ac39aab406f2c9d7aa98b719f3801f | Triage

Submit
Reports

Overview

overview

Static

static

build2.exe

windows7_x64

build2.exe

windows10-2004_x64

Sharing

General

Target

build2.exe
Size

367KB
Sample

220512-tsq6asbfd9
MD5

3107999f9600f5f2bc88e17282da2773
SHA1

8862f9551fdb7dc30e135c556751b973f441e7b4
SHA256

aacab9cbbf292403a63bcfd1f6f0a9e534ac39aab406f2c9d7aa98b719f3801f
SHA512

50c66565fc457b848014eaf70b3f7cc408e8a818bd29c80daf53597a44c182d26649c249a6e3fe7e6516fc7ff7e7026f3aff4b25ee48645789fa6cd3d3e2f338

Score

10^/10

vidar 517 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

build2.exe

Resource

win7-20220414-en

vidar 517 discovery spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

build2.exe

Resource

win10v2004-20220414-en

vidar 517 discovery spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

52.1

Botnet

517

C2

https://t.me/verstappenf1r

https://climatejustice.social/@ronxik312

Attributes

profile_id
517

Targets

- Target
  
  build2.exe
- Size
  
  367KB
- MD5
  
  3107999f9600f5f2bc88e17282da2773
- SHA1
  
  8862f9551fdb7dc30e135c556751b973f441e7b4
- SHA256
  
  aacab9cbbf292403a63bcfd1f6f0a9e534ac39aab406f2c9d7aa98b719f3801f
- SHA512
  
  50c66565fc457b848014eaf70b3f7cc408e8a818bd29c80daf53597a44c182d26649c249a6e3fe7e6516fc7ff7e7026f3aff4b25ee48645789fa6cd3d3e2f338
Score

10^/10

vidar 517 discovery spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata
- Vidar Stealer
  stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar517discoveryspywarestealersuricata

behavioral2

vidar517discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy