vidar | 6e20db9320c1902cff4324891402a7ab38fdf118131c69a3e47578589efc130d | Triage

Submit
Reports

Overview

overview

Static

static

b0788093ab...d1.exe

windows7_x64

b0788093ab...d1.exe

windows10-2004_x64

Sharing

General

Target

b0788093ab423639aefac4eb31d8a2d1.exe
Size

393KB
Sample

220702-zxqcfshhgl
MD5

b0788093ab423639aefac4eb31d8a2d1
SHA1

35d5bfc9f3ff67a50558fccbe8b2c45eead03661
SHA256

6e20db9320c1902cff4324891402a7ab38fdf118131c69a3e47578589efc130d
SHA512

7cb35b890646e099fab47b1581e9c2acd5daae29e9b1788a1815496a51983aefacbad360be49be26cdc6787d36c9e5e2032b9571b5be3154ac1995ec456da758

Score

10^/10

vidar 937 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

b0788093ab423639aefac4eb31d8a2d1.exe

Resource

win7-20220414-en

vidar 937 stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b0788093ab423639aefac4eb31d8a2d1.exe

Resource

win10v2004-20220414-en

vidar 937 discovery spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

53

Botnet

937

C2

https://t.me/ch_inagroup

https://mastodon.social/@olegf9844e

Attributes

profile_id
937

Targets

- Target
  
  b0788093ab423639aefac4eb31d8a2d1.exe
- Size
  
  393KB
- MD5
  
  b0788093ab423639aefac4eb31d8a2d1
- SHA1
  
  35d5bfc9f3ff67a50558fccbe8b2c45eead03661
- SHA256
  
  6e20db9320c1902cff4324891402a7ab38fdf118131c69a3e47578589efc130d
- SHA512
  
  7cb35b890646e099fab47b1581e9c2acd5daae29e9b1788a1815496a51983aefacbad360be49be26cdc6787d36c9e5e2032b9571b5be3154ac1995ec456da758
Score

10^/10

vidar 937 stealer discovery spyware suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata
- Vidar Stealer
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar937stealer

behavioral2

vidar937discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy