vidar | c24966e960c50eef8f024a3181e312b2c99bc05e516262a284370893b8e8973d | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

c24966e960c50eef8f024a3181e312b2c99bc05e516262a284370893b8e8973d
Size

394KB
Sample

220705-j8lweahcg3
MD5

ae80ca8a75a4e4c689ef5bb817db0bb1
SHA1

f44e95d11cada37f845f30f5dda54cd00d15870f
SHA256

c24966e960c50eef8f024a3181e312b2c99bc05e516262a284370893b8e8973d
SHA512

4079f4780fef95260b8895e9995c0dc734be4f10624aa5f3435e3a9c4cef4cd376a1cdad4c5609c2e16201f3a7ca1b7c3b945c5f2b1f51c01dbba98c8f5f5866

Score

10^/10

vidar 1519 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

c24966e960c50eef8f024a3181e312b2c99bc05e516262a284370893b8e8973d.exe

Resource

win10-20220414-en

vidar 1519 discovery spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

53.1

Botnet

1519

C2

https://t.me/tg_dailyrunnings

https://mastodon.online/@olegf9844g

Attributes

profile_id
1519

Targets

- Target
  
  c24966e960c50eef8f024a3181e312b2c99bc05e516262a284370893b8e8973d
- Size
  
  394KB
- MD5
  
  ae80ca8a75a4e4c689ef5bb817db0bb1
- SHA1
  
  f44e95d11cada37f845f30f5dda54cd00d15870f
- SHA256
  
  c24966e960c50eef8f024a3181e312b2c99bc05e516262a284370893b8e8973d
- SHA512
  
  4079f4780fef95260b8895e9995c0dc734be4f10624aa5f3435e3a9c4cef4cd376a1cdad4c5609c2e16201f3a7ca1b7c3b945c5f2b1f51c01dbba98c8f5f5866
Score

10^/10

vidar 1519 discovery spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata
- Vidar Stealer
  stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1519discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy