vidar | 5fd2130b5afc797dd2c5aa76817463ca25d58a75de3be63f5c96878868f4637e | Triage

Submit
Reports

Overview

overview

Static

static

091bc5b238...43.exe

windows7_x64

091bc5b238...43.exe

windows10-2004_x64

Sharing

General

Target

091bc5b238f5ff8433810b9c64019243.exe
Size

338KB
Sample

220714-1qgbmsecc6
MD5

091bc5b238f5ff8433810b9c64019243
SHA1

2ecf35ebdbc04cd228614a47e385fd0f57cf0644
SHA256

5fd2130b5afc797dd2c5aa76817463ca25d58a75de3be63f5c96878868f4637e
SHA512

5edd3de2f271fa09a4572425bd9a1ea2b5295df420d7d9ccf735e1bcf8a95cd186a47f4a916bddb44e067533627bc1c31f8d64b070706a4db148473baa4a36da

Score

10^/10

vidar 1120 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

091bc5b238f5ff8433810b9c64019243.exe

Resource

win7-20220414-en

vidar 1120 discovery spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

091bc5b238f5ff8433810b9c64019243.exe

Resource

win10v2004-20220414-en

vidar 1120 discovery spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

53.1

Botnet

1120

C2

https://t.me/tg_dailyrunnings

https://mastodon.online/@olegf9844g

Attributes

profile_id
1120

Targets

- Target
  
  091bc5b238f5ff8433810b9c64019243.exe
- Size
  
  338KB
- MD5
  
  091bc5b238f5ff8433810b9c64019243
- SHA1
  
  2ecf35ebdbc04cd228614a47e385fd0f57cf0644
- SHA256
  
  5fd2130b5afc797dd2c5aa76817463ca25d58a75de3be63f5c96878868f4637e
- SHA512
  
  5edd3de2f271fa09a4572425bd9a1ea2b5295df420d7d9ccf735e1bcf8a95cd186a47f4a916bddb44e067533627bc1c31f8d64b070706a4db148473baa4a36da
Score

10^/10

vidar 1120 discovery spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata
- Vidar Stealer
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1120discoveryspywarestealersuricata

behavioral2

vidar1120discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy