vidar | 2f17c87776c24df1bac5b312c3dfbd31b61637d7191a2522026c47f78efc5795 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

2f17c87776c24df1bac5b312c3dfbd31b61637d7191a2522026c47f78efc5795
Size

478KB
Sample

220531-l7c8zsahd2
MD5

a4155a9ac86e67f1abe1caa06ad09922
SHA1

12d89a80bf4ffe6422187723739b88ea7d2d3573
SHA256

2f17c87776c24df1bac5b312c3dfbd31b61637d7191a2522026c47f78efc5795
SHA512

7aab92b5cf446f7d31dab6ad0ec6ed1bdaaec7e485c4509da95c606d602610986cce8cc15dbbd4a9057f600c0d33376535016c70670ab4bb4ca435875f407715

Score

10^/10

vidar 1366 spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

2f17c87776c24df1bac5b312c3dfbd31b61637d7191a2522026c47f78efc5795.exe

Resource

win10-20220414-en

vidar 1366 spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

52.4

Botnet

1366

C2

https://t.me/foreigndocs

https://c.im/@ronxik31

Attributes

profile_id
1366

Targets

- Target
  
  2f17c87776c24df1bac5b312c3dfbd31b61637d7191a2522026c47f78efc5795
- Size
  
  478KB
- MD5
  
  a4155a9ac86e67f1abe1caa06ad09922
- SHA1
  
  12d89a80bf4ffe6422187723739b88ea7d2d3573
- SHA256
  
  2f17c87776c24df1bac5b312c3dfbd31b61637d7191a2522026c47f78efc5795
- SHA512
  
  7aab92b5cf446f7d31dab6ad0ec6ed1bdaaec7e485c4509da95c606d602610986cce8cc15dbbd4a9057f600c0d33376535016c70670ab4bb4ca435875f407715
Score

10^/10

vidar 1366 spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata
- Vidar Stealer
  stealer
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar1366spywarestealersuricata

© 2018-2024

Terms | Privacy