vidar | 38d54d276dafe59385a4bdddd8dbef6a5cdfc7afbe75e275ff613274f103afaf | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7_x64

winprofile

windows10_x64

Sharing

General

Target

38d54d276dafe59385a4bdddd8dbef6a5cdfc7afbe75e275ff613274f103afaf
Size

399KB
Sample

220519-17f27sfben
MD5

89d2c921a6cae15b55e162f8ca73e992
SHA1

0bc50a2a1b28ddfdba49fa773a8587019aa74144
SHA256

38d54d276dafe59385a4bdddd8dbef6a5cdfc7afbe75e275ff613274f103afaf
SHA512

349c7c7b5b28103118e90d3a0819f6e4fbdaf019eb0939333643354ae9110689288da95a8a57f8ab90ff09d567ed189710a194f8e7a9bb62a7a373f51564ed56

Score

10^/10

vidar 1376 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

38d54d276dafe59385a4bdddd8dbef6a5cdfc7afbe75e275ff613274f103afaf.exe

Resource

win7-20220414-en

vidar 1376 discovery spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

38d54d276dafe59385a4bdddd8dbef6a5cdfc7afbe75e275ff613274f103afaf.exe

Resource

win10-20220414-en

vidar 1376 discovery spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

52.2

Botnet

1376

C2

https://t.me/netflixaccsfree

https://mastodon.social/@ronxik12

Attributes

profile_id
1376

Targets

- Target
  
  38d54d276dafe59385a4bdddd8dbef6a5cdfc7afbe75e275ff613274f103afaf
- Size
  
  399KB
- MD5
  
  89d2c921a6cae15b55e162f8ca73e992
- SHA1
  
  0bc50a2a1b28ddfdba49fa773a8587019aa74144
- SHA256
  
  38d54d276dafe59385a4bdddd8dbef6a5cdfc7afbe75e275ff613274f103afaf
- SHA512
  
  349c7c7b5b28103118e90d3a0819f6e4fbdaf019eb0939333643354ae9110689288da95a8a57f8ab90ff09d567ed189710a194f8e7a9bb62a7a373f51564ed56
Score

10^/10

vidar 1376 discovery spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata
- Vidar Stealer
  stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1376discoveryspywarestealersuricata

behavioral2

vidar1376discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy