General

  • Target

    Setup.zip

  • Size

    5.6MB

  • Sample

    221002-ndx3eacgb2

  • MD5

    ce31048ad3bbb1ba0528fe6b1e902993

  • SHA1

    a68e5be961a626a1a33f3336d09804a4f93d4442

  • SHA256

    db89838f9e60765d4c2fb54ab978e8642034cdcb29a7bb926b21c30e8189ee49

  • SHA512

    14a7ccd619b1763552a60ab8211341117638789dc58aa8a70918dd5c27fa28ebd2d078be3cdcc9068087f03f79e061db0adada269d9a6ef2d320823b99467cd9

  • SSDEEP

    98304:eRAnDQ6vgFUSlTBJYpJBCsIH9EoD4Z4gN+4e3P3iCVeRhkkNn9Hj8/:6An1In+JBMq84N+i5Rhk09HC

Malware Config

Extracted

  • Family

    vidar

  • Version

    54.8

  • Botnet

    1281

  • C2

    https://t.me/dsjdsnxshjx

Attributes
  • profile_id

    1281

Targets

    • Target

      Setup.exe

    • Size

      339.3MB

    • MD5

      b61856ad41a4423ae265efb0b5bad7d5

    • SHA1

      7700b24a0696aeb1d0b09240adb090dffd52049b

    • SHA256

      8537f13d073583dfe3ac62f19a80490fe2f60e6701d1a6ad1bf861274d4b7c10

    • SHA512

      db98eace3fb0ed2e1bbdb83b426be80bbe5a067cc20f481d420ecd25779ea8dcd2271cb9b6009d9ea44d78d7d9c541e96b58745c45e009535aee552c817bb056

    • SSDEEP

      98304:3WRH1yPRGZ5U2koQ2JDh6e9E+t4ZiwNqUejhP+AFu93SXup9Buys:GRHAPRGroLcD3qS4lo+l93bp9Bx

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access

    Credentials in Files (T1081): 3

  • Discovery

    Query Registry (T1012): 3

    System Information Discovery (T1082): 3

  • Collection

    Data from Local System (T1005): 3

Tasks