General
Target: vidar.exe
Size: 4.3MB
Sample: 220919-teha8sbedj
MD5: 9d3d0e705b4e4b8b2a694b89802c9f32
SHA1: f0ee20b66f07b71c5d29e859adb301e6c0daf5af
SHA256: 8361e4858ff44de225a4e3bb6c23e739f494af295f7c94e9744af2d6dcf56321
SHA512: 548a18686a7f1ef4a26e9cc0df6422f94c1e328d13fc7618511e1303eee8d688ddde0048441126b51e6028a434bc86fe90a0487655d7226196be653813ff68f2
SSDEEP: 98304:1AI+CCyF+foMnCfBT2pbLkouyu2CozB8EEkfH51lWdOjKkTJL:mt4/MUBskoBLCoqEvZ7EkNL
Static task: static1
Behavioral task: behavioral1
Sample: vidar.exe
Resource: win7-20220901-en
Malware Config
Extracted: vidar
10.3
231
http://trasolevelqvines.com/
profile_id: 231
Targets
Target: vidar.exe (4.3MB; hashes as listed under General)
Signatures
- Vidar Stealer
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.