vidar | 96a51ba45cd25d1b58f7e64b3a131ef7c0c25a91ef003f341018abb71de81e4e | Triage

Submit
Reports

Overview

overview

Static

static

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

96a51ba45cd25d1b58f7e64b3a131ef7c0c25a91ef003f341018abb71de81e4e
Size

6.2MB
Sample

220725-km41jabfam
MD5

07e212515b4c73f9052e7717639d8d5e
SHA1

be0dd8e07c98702b4ad0b8e3160d1e975e36ba63
SHA256

96a51ba45cd25d1b58f7e64b3a131ef7c0c25a91ef003f341018abb71de81e4e
SHA512

886528681608a562a1f8417eed0e03d12b28409244535e95662cc2e1ed19c406c6aa0fd985f46395645cd49f00d8a407dd391dd9f351e547a818952a0ef9dae1

Score

10^/10

vidar 1328 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20220718-en

vidar 1328 discovery spyware stealer suricata

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20220721-en

vidar 1328 stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

52.1

Botnet

1328

C2

https://t.me/verstappenf1r

https://climatejustice.social/@ronxik312

Attributes

profile_id
1328

Targets

- Target
  
  Setup.exe
- Size
  
  700.0MB
- MD5
  
  253758f32cb3d42db3a65c654abe0a2c
- SHA1
  
  f8979d8f1b3cc72d790bbfe794549bc16a0f64f5
- SHA256
  
  d8742679698817b4e8494b827c1ac998d0b60dfa8674766de6d64405274f9636
- SHA512
  
  5f999ab94f7bc61f3f46a367f3e5697ac09b98cf7006c5859d59c4569d1399994adf871f2bac6f2b7ae2659c45a30c365ae38b9b7098706ac10a6262b531bc65
Score

10^/10

vidar 1328 discovery spyware stealer suricata
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata
- Vidar Stealer
  stealer
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1328discoveryspywarestealersuricata

behavioral2

vidar1328stealer

© 2018-2024

Terms | Privacy