vidar | 47581e7daf7e92fa4de9fdff4e7b055ca5c80a34656823aa4034a02c39390bbc | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...35.exe

windows7-x64

SecuriteIn...35.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Variant.Lazy.174506.16237.25035.exe
Size

382KB
Sample

220908-fwrdksdfh5
MD5

de5694d171d676112fcd0626b05f716b
SHA1

23292b9b87f67f26635e2ff4e6ab53f8a3b1983f
SHA256

47581e7daf7e92fa4de9fdff4e7b055ca5c80a34656823aa4034a02c39390bbc
SHA512

320a21b3f6de29c4e224ee44f7407c1be8d172a4b3377c9b1b3912170b6f6ab867df44b6e03e3457d93651d290530bbb50ad5df3a9818f08bd16131c59a3c299
SSDEEP

6144:Icx0joKH4VwxjIqLT6L6TYjFg7xKXe8dxt6k4N/DAYiAvrzjO4jgB+1H4brfibtp:Icx6YVwR1T6LdjcKXeWt6k4pWAvPjO4B

Score

10^/10

vidar 1438 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Variant.Lazy.174506.16237.25035.exe

Resource

win7-20220812-en

vidar 1438 stealer

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Variant.Lazy.174506.16237.25035.exe

Resource

win10v2004-20220901-en

vidar 1438 discovery spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

54.2

Botnet

1438

C2

https://t.me/tigogames

https://ioc.exchange/@tiagoa26

Attributes

profile_id
1438

Targets

- Target
  
  SecuriteInfo.com.Variant.Lazy.174506.16237.25035.exe
- Size
  
  382KB
- MD5
  
  de5694d171d676112fcd0626b05f716b
- SHA1
  
  23292b9b87f67f26635e2ff4e6ab53f8a3b1983f
- SHA256
  
  47581e7daf7e92fa4de9fdff4e7b055ca5c80a34656823aa4034a02c39390bbc
- SHA512
  
  320a21b3f6de29c4e224ee44f7407c1be8d172a4b3377c9b1b3912170b6f6ab867df44b6e03e3457d93651d290530bbb50ad5df3a9818f08bd16131c59a3c299
- SSDEEP
  
  6144:Icx0joKH4VwxjIqLT6L6TYjFg7xKXe8dxt6k4N/DAYiAvrzjO4jgB+1H4brfibtp:Icx6YVwR1T6LdjcKXeWt6k4pWAvPjO4B
Score

10^/10

vidar 1438 stealer discovery spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File and Directory Permissions Modification

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar1438stealer

behavioral2

vidar1438discoveryspywarestealer

© 2018-2024

Terms | Privacy