vidar

Resubmissions

06-09-2022 13:50

220906-q5hg5sbadm 10

17-08-2022 16:17

220817-trkl5ahhdj 9

25-07-2022 23:23

220725-3dd2vsfch6 9

Sharing

Copy URL

Twitter E-mail

General

Target

Setup_Activated__PASWD__55555_[v1658787644].rar
Size

7.2MB
Sample

220906-q5hg5sbadm
MD5

3f66652c48a7c84b23186605de784f2b
SHA1

44f914f7766418d53e74a81bf50fc432a1ead2bc
SHA256

96357fd4f3d7c2e7af393c2c9f2319b7a4474ba3b6cb731456b3f146bb8c0beb
SHA512

b7ab4130fb5861b1b3fb0568ba12310da60c2c30b68221eea65a4cdd7cbdee9d6e4ca64308c2f7f19d2f192358da31a982e11519dbb21d366a8369964682386d
SSDEEP

196608:X9BqxKwqwCfyO6l8ASv4lJaAD3QB10MX/xuPU45g:tBqRqjfNxwlsAD3QBScS5g

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

53.3

Botnet

1281

http://185.53.46.199:80

http://77.75.230.119:80

http://5.252.23.43:80

Attributes

profile_id
1281

Targets

- Target
  
  Setup/Setup.exe
- Size
  
  385.9MB
- MD5
  
  0cc8c8d79c0eb8352305dc80d4c7d28a
- SHA1
  
  e9b479a3f4b33d3ebcc41d21584fd7abc26d28e0
- SHA256
  
  1f312cb92e5c7cc484f5c343efd701d8bb750a66be308f6aa863632a4c4a198b
- SHA512
  
  0d0e541291bc3538d5492edb4867861ec1213167430ed0c5537d08e66d834a20a67d0cd8c839b81b0de7d6a9c3c45a661c6d7d178885cd73da7cb529408c15e3
- SSDEEP
  
  196608:VyNOITMCu3NV65LeRg6HOHRyr8CjrESz+SEdaHB:VaOyMxdw5L+qvAESzlx
Score

10^/10

vidar 1281 evasion stealer themida trojan
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2