vidar | f16953dfb98fb54bde6e9410883839e228ee09aa0a09892ab56a5ddfc76e7a0e | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

f16953dfb98fb54bde6e9410883839e228ee09aa0a09892ab56a5ddfc76e7a0e
Size

332KB
Sample

221024-rdgbfahbdn
MD5

e75ec445beb33e400201791a3fba433d
SHA1

a2c29449d05c2a26077e45dfcb45e37ef7c638a8
SHA256

f16953dfb98fb54bde6e9410883839e228ee09aa0a09892ab56a5ddfc76e7a0e
SHA512

4efdb748bcaef9aa1ca5bc934d5797f692a7bbd974fc675318124a4bfce62e074fd32a3033a10057a5af5cc1b9d2c7d87de316c31bce0f5b7d61983f1f967134
SSDEEP

6144:0vOVeLGesIxkyUJ/++5zPFj3D5HtFMLbv3:0vOw7sWi1+uzPFrD+f/

Score

10^/10

vidar 937 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

f16953dfb98fb54bde6e9410883839e228ee09aa0a09892ab56a5ddfc76e7a0e.exe

Resource

win10v2004-20220901-en

vidar 937 discovery spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

55.2

Botnet

937

C2

https://t.me/slivetalks

https://c.im/@xinibin420

Attributes

profile_id
937

Targets

- Target
  
  f16953dfb98fb54bde6e9410883839e228ee09aa0a09892ab56a5ddfc76e7a0e
- Size
  
  332KB
- MD5
  
  e75ec445beb33e400201791a3fba433d
- SHA1
  
  a2c29449d05c2a26077e45dfcb45e37ef7c638a8
- SHA256
  
  f16953dfb98fb54bde6e9410883839e228ee09aa0a09892ab56a5ddfc76e7a0e
- SHA512
  
  4efdb748bcaef9aa1ca5bc934d5797f692a7bbd974fc675318124a4bfce62e074fd32a3033a10057a5af5cc1b9d2c7d87de316c31bce0f5b7d61983f1f967134
- SSDEEP
  
  6144:0vOVeLGesIxkyUJ/++5zPFj3D5HtFMLbv3:0vOw7sWi1+uzPFrD+f/
Score

10^/10

vidar 937 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar937discoveryspywarestealer

© 2018-2024

Terms | Privacy