Resubmissions

  • 23-09-2022 17:33

    220923-v442zaheg3 10

  • 20-09-2022 19:15

    220920-xx91raebh8 8

General

  • Target

    file_809457a4bbec4fe9858fb630d22c190a_2022-09-20_18_44_33_590000 (2).zip

  • Size

    6.3MB

  • Sample

    220923-v442zaheg3

  • MD5

    2464a4e83d3a00fce42fe62768cdf4b1

  • SHA1

    6270b51abecb31cfeb657c0268e0ebdaa79934e6

  • SHA256

    faaac98d010a3ce279f61db1aa7f04de3268115c45260b239053d5a6ebf9e361

  • SHA512

    790278d070ddd96db7441037de4762c318edeaa8bc7091d80bb099fa1ab7451ec3c25d85d97416d36805c8caaa3c8ecedd14c94639030484b04c35a0fd7bc77b

  • SSDEEP

    196608:yBzHJdJAK3RDmQxNy6RbykwrwbLJTcLJKaGj/w:2zpdJbRDmsN13ZtYX

Malware Config

Extracted

  • Family

    vidar

  • Version

    54.6

  • Botnet

    915

  • C2

    https://t.me/huobiinside

    https://mas.to/@kyriazhs1975

  • Attributes

    profile_id: 915

Targets

    • Target

      entry_1_0/License.msi

    • Size

      6.8MB

    • MD5

      afe9813156ea682ae4c6a5621c8f4e68

    • SHA1

      5c0ffda644dfd0aca61e5f3ad314d295d385ee55

    • SHA256

      cb71e4ee47ae507196198a3afa81a18cb300fe455a487fe2e18c688466670a22

    • SHA512

      5b7b80d96580c83827761df6daae82de67c6a25daf8fdff123efe72a7b345e7979401b1f21a6f2007407469d58154aaac08bca23d1b79b9692ae572cac10e47e

    • SSDEEP

      196608:+t9ZFhQ4fLbaCfrEUtdSUS1sPLFPM31KUs9r:+t3Fh3Lba6rvDntW

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • File Permissions Modification (T1222): 1

  • Install Root Certificate (T1130): 1

  • Modify Registry (T1112): 1

Credential Access

  • Credentials in Files (T1081): 3

Discovery

  • Query Registry (T1012): 5

  • System Information Discovery (T1082): 5

  • Peripheral Device Discovery (T1120): 2

Collection

  • Data from Local System (T1005): 3

Tasks