Overview

overview

10

Static

static

URLScan

urlscan

1

https://download2275...

windows7-x64

8

https://download2275...

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://download2275.mediafire.com/sy4yu80ddjzg/bo4rvig0uux6rvl/GTA+Mod+menu.rar

  • Sample

    220725-kdbbvsbedp

Score
10/10
vidar1375spywarestealersuricata

Malware Config

Extracted

Family

vidar

Version

53.3

Botnet

1375

C2

https://t.me/korstonsales

https://climatejustice.social/@ffoleg94
Attributes
  • profile_id

    1375

Targets

    • Target

      https://download2275.mediafire.com/sy4yu80ddjzg/bo4rvig0uux6rvl/GTA+Mod+menu.rar

    Score
    10/10
    vidar1375spywarestealersuricata

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer

      suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer

      suricata

    • Executes dropped EXE

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks