vidar | 60c410c65d8b07444b092f5fb71b2b3f071a0cb92230fad7211551309611d899 | Triage

Submit
Reports

Overview

overview

Static

static

60c410c65d...99.msi

windows7_x64

60c410c65d...99.msi

windows10-2004_x64

6

Sharing

General

Target

60c410c65d8b07444b092f5fb71b2b3f071a0cb92230fad7211551309611d899
Size

2.0MB
Sample

220520-g73reseaf5
MD5

e34e031f90002ad25ca1b315e0a0e1ca
SHA1

ed594f951eed29c1354e6d9e65f82cc27b39b060
SHA256

60c410c65d8b07444b092f5fb71b2b3f071a0cb92230fad7211551309611d899
SHA512

4c08ffaa9301f963c54cb8aa17bce30d833121b056c06903606ca1fe0d9e3a112b20ae72dde5e623acdf3bde15e75830f43f86594eed46e3ddc411e2bee9149f

Score

10^/10

vidar 615 coreentity rezer0 stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

60c410c65d8b07444b092f5fb71b2b3f071a0cb92230fad7211551309611d899.msi

Resource

win7-20220414-en

vidar 615 coreentity rezer0 stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

60c410c65d8b07444b092f5fb71b2b3f071a0cb92230fad7211551309611d899.msi

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

26.1

Botnet

615

C2

http://centos10.com/

Attributes

profile_id
615

Targets

- Target
  
  60c410c65d8b07444b092f5fb71b2b3f071a0cb92230fad7211551309611d899
- Size
  
  2.0MB
- MD5
  
  e34e031f90002ad25ca1b315e0a0e1ca
- SHA1
  
  ed594f951eed29c1354e6d9e65f82cc27b39b060
- SHA256
  
  60c410c65d8b07444b092f5fb71b2b3f071a0cb92230fad7211551309611d899
- SHA512
  
  4c08ffaa9301f963c54cb8aa17bce30d833121b056c06903606ca1fe0d9e3a112b20ae72dde5e623acdf3bde15e75830f43f86594eed46e3ddc411e2bee9149f
Score

10^/10

vidar 615 coreentity rezer0 stealer suricata
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Vidar Stealer
  stealer
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar615coreentityrezer0stealersuricata

behavioral2

© 2018-2024

Terms | Privacy