vidar | 51fda686a2702205373d05e4fa414c0dd78cec4a639f118cfd42dd598483bf5b | Triage

Submit
Reports

Overview

overview

Static

static

51fda686a2...5b.exe

windows7_x64

51fda686a2...5b.exe

windows10-2004_x64

Sharing

General

Target

51fda686a2702205373d05e4fa414c0dd78cec4a639f118cfd42dd598483bf5b
Size

1.4MB
Sample

220520-hpsdeaefg3
MD5

527dfd8be2507b6ff19edd7da120d078
SHA1

d08565e68cb79a3efcf0ab8d0ad6389f2b948d4c
SHA256

51fda686a2702205373d05e4fa414c0dd78cec4a639f118cfd42dd598483bf5b
SHA512

96d340a7e965fa49d22b5b818b9fa6e483b9de2c7730dbd9d4394e7db7aea5c8a3b52ace92c015665048a61234d9cbc5db089f86cebaaa5c9bba2d88299a097f

Score

10^/10

vidar 1326 spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

51fda686a2702205373d05e4fa414c0dd78cec4a639f118cfd42dd598483bf5b.exe

Resource

win7-20220414-en

vidar 1326 spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

51fda686a2702205373d05e4fa414c0dd78cec4a639f118cfd42dd598483bf5b.exe

Resource

win10v2004-20220414-en

vidar 1326 spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

52.2

Botnet

1326

C2

https://t.me/netflixaccsfree

https://mastodon.social/@ronxik12

Attributes

profile_id
1326

Targets

- Target
  
  51fda686a2702205373d05e4fa414c0dd78cec4a639f118cfd42dd598483bf5b
- Size
  
  1.4MB
- MD5
  
  527dfd8be2507b6ff19edd7da120d078
- SHA1
  
  d08565e68cb79a3efcf0ab8d0ad6389f2b948d4c
- SHA256
  
  51fda686a2702205373d05e4fa414c0dd78cec4a639f118cfd42dd598483bf5b
- SHA512
  
  96d340a7e965fa49d22b5b818b9fa6e483b9de2c7730dbd9d4394e7db7aea5c8a3b52ace92c015665048a61234d9cbc5db089f86cebaaa5c9bba2d88299a097f
Score

10^/10

vidar 1326 spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata
- Vidar Stealer
  stealer
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1326spywarestealersuricata

behavioral2

vidar1326spywarestealersuricata

© 2018-2024

Terms | Privacy