vidar | 595de5a664edf353ccca6e9e50899774eedf4733f1931b0e6e370d866de3e55a | Triage

Submit
Reports

Overview

overview

Static

static

2231160e71...ed.exe

windows7-x64

7

2231160e71...ed.exe

windows10-2004-x64

7

Sharing

General

Target

2231160e71faf8674b8efc0cedf3384db3acc5d66f0276c76b18c7cb5f842ce0_unpacked.exe
Size

280KB
Sample

220926-kd568sbcbm
MD5

2bc296129698df69531a64b0911e2b6c
SHA1

c9c5cff6a7e700139d471b0116e12ea0bb17e98e
SHA256

595de5a664edf353ccca6e9e50899774eedf4733f1931b0e6e370d866de3e55a
SHA512

a5fdd3ecdc6ae4efa24d51668bdbdfc2609313f3d674a4546bb7e0a66d734b4e6fddf262802698628fba24271d4fbad9c20859f1ff8972169218bbd493d024c8
SSDEEP

6144:3NyBcukd1tiFqgFGI4pT2GI7DUiySpxQRqViGe:dyrmDiF3FuqDUiySGqVd

Score

10^/10

vidar 1672 discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2231160e71faf8674b8efc0cedf3384db3acc5d66f0276c76b18c7cb5f842ce0_unpacked.exe

Resource

win7-20220812-en

discovery spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

2231160e71faf8674b8efc0cedf3384db3acc5d66f0276c76b18c7cb5f842ce0_unpacked.exe

Resource

win10v2004-20220812-en

discovery spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

54.6

Botnet

1672

C2

https://t.me/huobiinside

https://mas.to/@kyriazhs1975

Attributes

profile_id
1672

Targets

- Target
  
  2231160e71faf8674b8efc0cedf3384db3acc5d66f0276c76b18c7cb5f842ce0_unpacked.exe
- Size
  
  280KB
- MD5
  
  2bc296129698df69531a64b0911e2b6c
- SHA1
  
  c9c5cff6a7e700139d471b0116e12ea0bb17e98e
- SHA256
  
  595de5a664edf353ccca6e9e50899774eedf4733f1931b0e6e370d866de3e55a
- SHA512
  
  a5fdd3ecdc6ae4efa24d51668bdbdfc2609313f3d674a4546bb7e0a66d734b4e6fddf262802698628fba24271d4fbad9c20859f1ff8972169218bbd493d024c8
- SSDEEP
  
  6144:3NyBcukd1tiFqgFGI4pT2GI7DUiySpxQRqViGe:dyrmDiF3FuqDUiySGqVd
Score

7^/10

discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy