vidar | f09c16eea97b9e4733ad58653a92b7f4a1ce00556a91ca83d2013153f6ff0e59 | Triage

Submit
Reports

Overview

overview

Static

static

7

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Resubmissions

11-09-2022 13:26

220911-qpvgrsbfc3 10

11-09-2022 12:47

220911-p1dsqabeh4 10

Sharing

General

Target

Setup.exe
Size

370.9MB
Sample

220911-p1dsqabeh4
MD5

caceb6578e7a4d3011ea97c9d1a693c0
SHA1

9d161e2ec7ecad49fed29e43fd8b04afad11e11d
SHA256

f09c16eea97b9e4733ad58653a92b7f4a1ce00556a91ca83d2013153f6ff0e59
SHA512

5200fb2d9a7654145977e1fbba6a9a77ba026e50523614111a0bfdd0a1eb63043546ee90ec38774aaeeeefdb8fd71e5c9be24d8463fc9bd540b3c15eca49fcdd
SSDEEP

98304:PSZWVxMgSBX6E1BwA26/JQtm111+kZNyLwd/nM2Stzv//PK3cS6i7zsnBW:qW2Hz726xQUakZNy8VMDVv/cr68ABW

Score

10^/10

vidar 1281 evasion stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20220812-en

vidar 1281 evasion stealer themida trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20220812-en

vidar 1281 evasion stealer themida trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

53.3

Botnet

1281

C2

http://185.53.46.199:80

http://77.75.230.119:80

http://5.252.23.43:80

Attributes

profile_id
1281

Targets

- Target
  
  Setup.exe
- Size
  
  370.9MB
- MD5
  
  caceb6578e7a4d3011ea97c9d1a693c0
- SHA1
  
  9d161e2ec7ecad49fed29e43fd8b04afad11e11d
- SHA256
  
  f09c16eea97b9e4733ad58653a92b7f4a1ce00556a91ca83d2013153f6ff0e59
- SHA512
  
  5200fb2d9a7654145977e1fbba6a9a77ba026e50523614111a0bfdd0a1eb63043546ee90ec38774aaeeeefdb8fd71e5c9be24d8463fc9bd540b3c15eca49fcdd
- SSDEEP
  
  98304:PSZWVxMgSBX6E1BwA26/JQtm111+kZNyLwd/nM2Stzv//PK3cS6i7zsnBW:qW2Hz726xQUakZNy8VMDVv/cr68ABW
Score

10^/10

vidar 1281 evasion stealer themida trojan
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1281evasionstealerthemidatrojan

behavioral2

vidar1281evasionstealerthemidatrojan

© 2018-2024

Terms | Privacy