Overview

overview

10

Static

static

License.msi

windows7-x64

10

License.msi

windows10-2004-x64

10

Resubmissions

03-10-2022 20:41

221003-zgrkksegdj 10

03-10-2022 20:29

221003-y9wvbsedb4 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    License.msi

  • Size

    6.8MB

  • Sample

    221003-y9wvbsedb4

  • MD5

    afe9813156ea682ae4c6a5621c8f4e68

  • SHA1

    5c0ffda644dfd0aca61e5f3ad314d295d385ee55

  • SHA256

    cb71e4ee47ae507196198a3afa81a18cb300fe455a487fe2e18c688466670a22

  • SHA512

    5b7b80d96580c83827761df6daae82de67c6a25daf8fdff123efe72a7b345e7979401b1f21a6f2007407469d58154aaac08bca23d1b79b9692ae572cac10e47e

  • SSDEEP

    196608:+t9ZFhQ4fLbaCfrEUtdSUS1sPLFPM31KUs9r:+t3Fh3Lba6rvDntW

Score
10/10
vidar915discoverystealer

Malware Config

Extracted

Family

vidar

Version

54.6

Botnet

915

C2

https://t.me/huobiinside

https://mas.to/@kyriazhs1975
Attributes
  • profile_id

    915

Targets

    • Target

      License.msi

    • Size

      6.8MB

    • MD5

      afe9813156ea682ae4c6a5621c8f4e68

    • SHA1

      5c0ffda644dfd0aca61e5f3ad314d295d385ee55

    • SHA256

      cb71e4ee47ae507196198a3afa81a18cb300fe455a487fe2e18c688466670a22

    • SHA512

      5b7b80d96580c83827761df6daae82de67c6a25daf8fdff123efe72a7b345e7979401b1f21a6f2007407469d58154aaac08bca23d1b79b9692ae572cac10e47e

    • SSDEEP

      196608:+t9ZFhQ4fLbaCfrEUtdSUS1sPLFPM31KUs9r:+t3Fh3Lba6rvDntW

    Score
    10/10
    vidar915discoverystealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

1
T1222

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks