vidar | 4f2696febfd29143776e40f478e9d1d9ee36d73cc662d4666cf065a077ee66fa | Triage

Submit
Reports

Overview

overview

Static

static

ac61764646...01.exe

windows7-x64

ac61764646...01.exe

windows10-2004-x64

Sharing

General

Target

ac617646463d900c2513785e37290e01.exe
Size

303KB
Sample

220717-hv1a7sgeg6
MD5

ac617646463d900c2513785e37290e01
SHA1

5b6ec3318c82a7df78b9207bef7d45be2e470198
SHA256

4f2696febfd29143776e40f478e9d1d9ee36d73cc662d4666cf065a077ee66fa
SHA512

0666c74e079e14b11de185fa04b55123cd73e5e8be9662b768138e232d336d710ede147e63aa15c9754bed215822f8a6848f518f1391e6e80158c100cf6eabec

Score

10^/10

vidar 1415 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

ac617646463d900c2513785e37290e01.exe

Resource

win7-20220414-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

ac617646463d900c2513785e37290e01.exe

Resource

win10v2004-20220414-en

vidar 1415 discovery spyware stealer suricata

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

53.2

Botnet

1415

C2

https://t.me/tgch_hijuly

https://c.im/@olegf9844h

Attributes

profile_id
1415

Targets

- Target
  
  ac617646463d900c2513785e37290e01.exe
- Size
  
  303KB
- MD5
  
  ac617646463d900c2513785e37290e01
- SHA1
  
  5b6ec3318c82a7df78b9207bef7d45be2e470198
- SHA256
  
  4f2696febfd29143776e40f478e9d1d9ee36d73cc662d4666cf065a077ee66fa
- SHA512
  
  0666c74e079e14b11de185fa04b55123cd73e5e8be9662b768138e232d336d710ede147e63aa15c9754bed215822f8a6848f518f1391e6e80158c100cf6eabec
Score

10^/10

vidar 1415 discovery spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata
- Vidar Stealer
  stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

vidar1415discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy