vidar | 0c06d3612ebf8d92e3c1ce4eb9ed3322a043781fd165bb22b19b4f1b8a37209c | Triage

Submit
Reports

Overview

overview

Static

static

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

Pass_1234_Setup.zip
Size

6.2MB
Sample

220927-1xf98aefe8
MD5

4a6a67392fae608893d9f18594b982ea
SHA1

fc620cba80b01a880fc0657f6a1c449caab28df2
SHA256

0c06d3612ebf8d92e3c1ce4eb9ed3322a043781fd165bb22b19b4f1b8a37209c
SHA512

f699528796ca53974a9ffb814fdfb055f7be3614a01d7badec18606cc6ded33f9833ab28a4b45755a1fc6ca44a4702ba24c001db68227a8762341626fcf2bb21
SSDEEP

196608:Ugb0LbPtKKhIJV5g7fJhXmBIXewmnFQ3EU9wT:Ugw/srJHg7TXIK7mC79O

Score

10^/10

vidar 1281 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20220901-en

vidar 1281 discovery spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20220812-en

vidar 1281 discovery spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

54.7

Botnet

1281

C2

https://t.me/blablblsdfd

Attributes

profile_id
1281

Targets

- Target
  
  Setup.exe
- Size
  
  382.6MB
- MD5
  
  a3f69cbce849082ef0cecfc2cc1b6b6d
- SHA1
  
  b91d49947864897591b0be30496885cc5976cb6c
- SHA256
  
  6b852f168baca7a4c954409bd7f1170a3e50f15e48bcd96e8dc802eebb2c740f
- SHA512
  
  4e4b0d2ac2c8b6aa4848b4052294a9645d832fecc98598617e34cc22e117d69bc18e49b5d0ee028b08035f7b9bff288c15bcd8bf245c30be02de406271f2acee
- SSDEEP
  
  98304:iH9Xh2yqUcUFt0A25meRkBDQ0itAg6+Eq13QoUDqCUVawX0BsDv2:EI/ZULJeR6DQ0iy+V13QUCeX0I2
Score

10^/10

vidar 1281 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1281discoveryspywarestealer

behavioral2

vidar1281discoveryspywarestealer

© 2018-2024

Terms | Privacy