General

  • Target

    SecuriteInfo.com.Variant.Lazy.174506.16237.25035.exe

  • Size

    382KB

  • Sample

    220908-fwrdksdfh5

  • MD5

    de5694d171d676112fcd0626b05f716b

  • SHA1

    23292b9b87f67f26635e2ff4e6ab53f8a3b1983f

  • SHA256

    47581e7daf7e92fa4de9fdff4e7b055ca5c80a34656823aa4034a02c39390bbc

  • SHA512

    320a21b3f6de29c4e224ee44f7407c1be8d172a4b3377c9b1b3912170b6f6ab867df44b6e03e3457d93651d290530bbb50ad5df3a9818f08bd16131c59a3c299

  • SSDEEP

    6144:Icx0joKH4VwxjIqLT6L6TYjFg7xKXe8dxt6k4N/DAYiAvrzjO4jgB+1H4brfibtp:Icx6YVwR1T6LdjcKXeWt6k4pWAvPjO4B

Malware Config

Extracted

Family

vidar

Version

54.2

Botnet

1438

C2

https://t.me/tigogames

https://ioc.exchange/@tiagoa26

Attributes
  • profile_id

    1438

Targets

    • Target

      SecuriteInfo.com.Variant.Lazy.174506.16237.25035.exe

    • Size

      382KB

    • MD5

      de5694d171d676112fcd0626b05f716b

    • SHA1

      23292b9b87f67f26635e2ff4e6ab53f8a3b1983f

    • SHA256

      47581e7daf7e92fa4de9fdff4e7b055ca5c80a34656823aa4034a02c39390bbc

    • SHA512

      320a21b3f6de29c4e224ee44f7407c1be8d172a4b3377c9b1b3912170b6f6ab867df44b6e03e3457d93651d290530bbb50ad5df3a9818f08bd16131c59a3c299

    • SSDEEP

      6144:Icx0joKH4VwxjIqLT6L6TYjFg7xKXe8dxt6k4N/DAYiAvrzjO4jgB+1H4brfibtp:Icx6YVwR1T6LdjcKXeWt6k4pWAvPjO4B

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Modifies file permissions

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

File Permissions Modification

1
T1222

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Collection

Data from Local System

2
T1005

Tasks