vidar | f84038a5c35557bb57839423dcab27287ac5ab490fca503f496df61da5e2bc99 | Triage

Submit
Reports

Overview

overview

Static

static

p9d2s.exe

windows7-x64

7

p9d2s.exe

windows10-2004-x64

7

Sharing

General

Target

p9d2s.exe
Size

279KB
Sample

220928-vcwxaahgam
MD5

c8d1c103b214703e696023614b075c9d
SHA1

06b5727434705f87a7cdfc7f5612630c4f3f06c2
SHA256

f84038a5c35557bb57839423dcab27287ac5ab490fca503f496df61da5e2bc99
SHA512

edcd3fb473a6316fec8568266f92b6c5ff0350ca401147669c5f92a0f0a28496ac371eb382fd8034e7e39ded2a61648fe222908a5c70d189675bee125dd0b10b
SSDEEP

6144:Ekjaba2rnQPW2I4YCKMQ0iaOVCZgm0yAjn:E42rnQPW+60iaOVnmE

Score

10^/10

vidar 1259 discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

p9d2s.exe

Resource

win7-20220812-en

discovery spyware stealer

windows7-x64

14 signatures

300 seconds

Behavioral task

behavioral2

Sample

p9d2s.exe

Resource

win10v2004-20220812-en

discovery spyware stealer

windows10-2004-x64

13 signatures

300 seconds

Malware Config

Extracted

Family

vidar

Version

54.7

Botnet

1259

C2

https://t.me/trampapanam

https://nerdculture.de/@yoxhyp

Attributes

profile_id
1259

Targets

- Target
  
  p9d2s.exe
- Size
  
  279KB
- MD5
  
  c8d1c103b214703e696023614b075c9d
- SHA1
  
  06b5727434705f87a7cdfc7f5612630c4f3f06c2
- SHA256
  
  f84038a5c35557bb57839423dcab27287ac5ab490fca503f496df61da5e2bc99
- SHA512
  
  edcd3fb473a6316fec8568266f92b6c5ff0350ca401147669c5f92a0f0a28496ac371eb382fd8034e7e39ded2a61648fe222908a5c70d189675bee125dd0b10b
- SSDEEP
  
  6144:Ekjaba2rnQPW2I4YCKMQ0iaOVCZgm0yAjn:E42rnQPW+60iaOVnmE
Score

7^/10

discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy