vidar | 85e8d29d80ebd140690ee4bbe27350fb8aec17a5534cb530df11340aac675b9f | Triage

Resubmissions

07/10/2022, 06:43

221007-hg7s5acabp 10

Sharing

Copy URL Twitter E-mail

General

Target

Sony Vegas Pro.zip
Size

3.5MB
Sample

221007-hg7s5acabp
MD5

0390430225ad42315f9f3a5733cecbe7
SHA1

57a03fee5e04021e69998ba5c51b8f0a318e7fa8
SHA256

85e8d29d80ebd140690ee4bbe27350fb8aec17a5534cb530df11340aac675b9f
SHA512

d1cbdd40d863f75189859dd72fc7f966dfd8e72db62c09b62950b4efb35d1dbbec64bb54973d03f288854249b4b7ce5eebca12ec4fce128ef71beca29b387feb
SSDEEP

49152:AJPrT8lGc9G6vp1EUtA8jXJDjoLvaPqJoeL8gHoIra2Tpjo:gTMRA6HtNoLva0oc86oEHdM

Score

10^/10

vidar 1375 spyware stealer

Malware Config

Extracted

Family

vidar

Version

54.9

Botnet

1375

C2

https://t.me/larsenup

https://ioc.exchange/@zebra54

Attributes

profile_id
1375

Targets

- Target
  
  Sony Vegas Pro/GFSDK_ShadowLib.win64.dll
- Size
  
  3.8MB
- MD5
  
  f2c348c5aaff0c420f4dce3abc1bbad6
- SHA1
  
  873f96bf5f180d786445ab2a129140905d5066b8
- SHA256
  
  0523a77867d37ac0fd0a9ccc5e6d11882e743ed6d52558f6bb63d5889b7f4ae1
- SHA512
  
  857a08f0d22b1a3cc9517d632d151bbdd703ec6dd541c84190f305a43f4f81770860ad4c9cc2baaf149740eac8d8579dbb2ee7c0e63a0403d061adb0ae0b0b66
- SSDEEP
  
  24576:Gg4mEzEzlXel6Kqn9DSuGOMAYd1EmH07YV1GmP0jYX1JmX0UY/1ImD0A:G
Score

1^/10
behavioral1 behavioral2
- Target
  
  Sony Vegas Pro/Scrafy.dll
- Size
  
  35.0MB
- MD5
  
  70549df31467a4c90250bfdaaa28f62a
- SHA1
  
  84c36b0999f842887a0d9a950c26373deeb798c6
- SHA256
  
  926687efa6694393d6c4a3e95c5e06a52cb7227e3fe5617e9dd59e7a7579cf5f
- SHA512
  
  6d59e8eadbf0d236a88ed14440335e01d528eb017cff8e875fd6ffa5d5bbfaffb4efe21cd298a62edbfac5bfd8f4719d42c9c13b65d7c64a775eaf0da34577b7
- SSDEEP
  
  3:Hcxzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzm:HcU
Score

1^/10
behavioral3 behavioral4
- Target
  
  Sony Vegas Pro/Sony Vegas Pro crack.exe
- Size
  
  761.7MB
- MD5
  
  39df5e67f0316c43aef84f63afdbc870
- SHA1
  
  00f16dca7b5eb3aae479939e8f31769c40325875
- SHA256
  
  c3d3203630d3e5583b08e5ad16e4a4ba967153a8e142e0bea594bbdcd844d85b
- SHA512
  
  43b51cd8cd49c28b6df2d13221ecbc5f14009eb474d28c965ba3c677ef52c92882d3fe8b9db2648bfad47af076a06e202f612842b751056baf752df4c8d8de38
- SSDEEP
  
  24576:CTNg9wWNruIPoHbYeYZ5KgjwEMKzd5W4ot/tMxdGJAz8va3spm8zuNZJRLK1g4lo:CTO9wWNho+pIVMxs0l8CNZJRh4l34
Score

10^/10

vidar 1375 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  Sony Vegas Pro/d3dcsx_46.dll
- Size
  
  1.8MB
- MD5
  
  8355e491fa90ca00045be22bb556b213
- SHA1
  
  1878a0cbbd064183ca290efd8841d11338a3dfcd
- SHA256
  
  85017342fd829fbd32d7045c2c0b2254e68e5c3bd6faa59c920dec878c765dcd
- SHA512
  
  d31b46468246cc554cf993d6114590121caad904966add2587b527f6c1421ed79822d7e332b6959c8e9b640526f38923a1f4cf4ae27120a351edc573304b6963
- SSDEEP
  
  24576:qannDf1/bJiWNwG1KSx1T4dEQMtqVC43uH1Ug:qynDf1/1iZs4dpMATeHL
Score

3^/10
behavioral7 behavioral8
- Target
  
  Sony Vegas Pro/keys.dll
- Size
  
  166KB
- MD5
  
  2c72867294029653210306933c4f53a7
- SHA1
  
  b1f7f0a441b767072294cda20b9539fa7de41a87
- SHA256
  
  a70f215428fe8fd412ef0efb74c5ad8d9afbc26eba4e416f1f4b22949c6fec5b
- SHA512
  
  eadbf37e44e42b6329206929d7675ac08eac0efed2f271e459fea7a844b2ff31054d39ab82ee779a397ba5a1b2718a0e42528bc5e388541aa64a8511c7788cd4
- SSDEEP
  
  3072:UjcH7izJoHwD+cguq5x4oCk052vK9WFi/Dbt2/aWb8c583pV6z3Y:2ewNg35CZl52vK9uSIDTY
Score

3^/10
behavioral9 behavioral10
- Target
  
  Sony Vegas Pro/swds.dll
- Size
  
  1.0MB
- MD5
  
  8c05b73c73273ecb9b5f69443e2641e2
- SHA1
  
  0770a02c6617f5223a08a27fc8d05ecedc947316
- SHA256
  
  f802c0a63c0e3e0336bfa35b34502a00e8ce06ad90d930273e81df5076846e16
- SHA512
  
  291f6e634afec9724e3a1e09b86d8c9b8f7a884669f96405b97ddcf6470139ee7e248ba663cd4aa97c541f83c48bd9ff98fd07ff71e6c0d9a375b3daab82a462
- SSDEEP
  
  24576:gfiy/IEaNYLIJG80ce+FAM6EEiO4uXk+IksxjTJqg6Wu:2/pjgGNce+FAG9O4uU+Iks1T7u
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

vidar1375spywarestealer

behavioral6

vidar1375spywarestealer

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12