vidar | 41be5f61865ee6502ddad6af8bdfc5c5c1fe132e555cddd19634fef1c6068dc5 | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7_x64

tmp.exe

windows10-2004_x64

Sharing

General

Target

tmp
Size

422KB
Sample

220520-gjlg8sffgm
MD5

3d1d048187f54d5961817a5866042e13
SHA1

1fa3c9856f49ebe802f81062a0030482ea24bf68
SHA256

41be5f61865ee6502ddad6af8bdfc5c5c1fe132e555cddd19634fef1c6068dc5
SHA512

1ae633293fe4ae369efe5f611af617305fceb3c7b6215827e6f428f668dada5f40e9d1a9511243250bc64de095556d696f891d40979c5e0f5a94d6be0a409748

Score

10^/10

vidar 1163 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20220414-en

vidar 1163 discovery spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20220414-en

vidar 1163 discovery spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

52.2

Botnet

1163

C2

https://t.me/netflixaccsfree

https://mastodon.social/@ronxik12

Attributes

profile_id
1163

Targets

- Target
  
  tmp
- Size
  
  422KB
- MD5
  
  3d1d048187f54d5961817a5866042e13
- SHA1
  
  1fa3c9856f49ebe802f81062a0030482ea24bf68
- SHA256
  
  41be5f61865ee6502ddad6af8bdfc5c5c1fe132e555cddd19634fef1c6068dc5
- SHA512
  
  1ae633293fe4ae369efe5f611af617305fceb3c7b6215827e6f428f668dada5f40e9d1a9511243250bc64de095556d696f891d40979c5e0f5a94d6be0a409748
Score

10^/10

vidar 1163 discovery spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata
- Vidar Stealer
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1163discoveryspywarestealersuricata

behavioral2

vidar1163discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy