vidar | 3d6f3c84b19b6fc731d00f7c9035fdc523ae455c823ba4e2cc57d0d635fce50b | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

3d6f3c84b19b6fc731d00f7c9035fdc523ae455c823ba4e2cc57d0d635fce50b
Size

401KB
Sample

221005-wb1phsfaf4
MD5

dc084f94c0badc5ee5a00affb3fe334d
SHA1

d992c38c64d7e7007be14e64a986422e4cbcfb3d
SHA256

3d6f3c84b19b6fc731d00f7c9035fdc523ae455c823ba4e2cc57d0d635fce50b
SHA512

9f2447cde6d6febf1b8821ea044859a1f24e486618dd39c459c6003228f055720521dc60f641252ae272f0295e27a0ed393bbb79cda12ad614a57e6758c34089
SSDEEP

6144:1tiWA8L1AOIz7mfH6n//WZBj/LkZ+afxntlD/ogPtjQkjh6KQyCWCBI4wOFtNCj:1tiAKWfH6n/eZJkZVfxt53hQkjiWCPK

Score

10^/10

vidar 1680 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

3d6f3c84b19b6fc731d00f7c9035fdc523ae455c823ba4e2cc57d0d635fce50b.exe

Resource

win10-20220812-en

vidar 1680 discovery spyware stealer

windows10-1703-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

54.9

Botnet

1680

C2

https://t.me/larsenup

https://ioc.exchange/@zebra54

Attributes

profile_id
1680

Targets

- Target
  
  3d6f3c84b19b6fc731d00f7c9035fdc523ae455c823ba4e2cc57d0d635fce50b
- Size
  
  401KB
- MD5
  
  dc084f94c0badc5ee5a00affb3fe334d
- SHA1
  
  d992c38c64d7e7007be14e64a986422e4cbcfb3d
- SHA256
  
  3d6f3c84b19b6fc731d00f7c9035fdc523ae455c823ba4e2cc57d0d635fce50b
- SHA512
  
  9f2447cde6d6febf1b8821ea044859a1f24e486618dd39c459c6003228f055720521dc60f641252ae272f0295e27a0ed393bbb79cda12ad614a57e6758c34089
- SSDEEP
  
  6144:1tiWA8L1AOIz7mfH6n//WZBj/LkZ+afxntlD/ogPtjQkjh6KQyCWCBI4wOFtNCj:1tiAKWfH6n/eZJkZVfxt53hQkjiWCPK
Score

10^/10

vidar 1680 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1680discoveryspywarestealer

© 2018-2024

Terms | Privacy