vidar | 1beb50ab8de7ec33aec7deb5365fbebce3a91bfe9cf31387a5bf326ace08d48b | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

1beb50ab8de7ec33aec7deb5365fbebce3a91bfe9cf31387a5bf326ace08d48b
Size

331KB
Sample

221026-hea2daehd6
MD5

09551ab38f2e8cf814cf67f5d7a5f8e4
SHA1

9f0df37c979517c5c73c62f082ab6ecf87045e17
SHA256

1beb50ab8de7ec33aec7deb5365fbebce3a91bfe9cf31387a5bf326ace08d48b
SHA512

ee03f58b9a12e34735a0cf98ab4dd8cdc5f8006b657c6077aab457d6f7a585cd9bbe09309060d39764320122ecda85978dd8c4c5d6658f9089c4aeebab97614b
SSDEEP

6144:Bnx6fMB7iRLpdZQI9LRdhA4Yz2APhwhlQGruTp10B:Bnx6f4703ZQIBRdhAsAPhwhjSTLc

Score

10^/10

vidar 937 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

1beb50ab8de7ec33aec7deb5365fbebce3a91bfe9cf31387a5bf326ace08d48b.exe

Resource

win10v2004-20220812-en

vidar 937 discovery spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

55.2

Botnet

937

C2

https://t.me/slivetalks

https://c.im/@xinibin420

Attributes

profile_id
937

Targets

- Target
  
  1beb50ab8de7ec33aec7deb5365fbebce3a91bfe9cf31387a5bf326ace08d48b
- Size
  
  331KB
- MD5
  
  09551ab38f2e8cf814cf67f5d7a5f8e4
- SHA1
  
  9f0df37c979517c5c73c62f082ab6ecf87045e17
- SHA256
  
  1beb50ab8de7ec33aec7deb5365fbebce3a91bfe9cf31387a5bf326ace08d48b
- SHA512
  
  ee03f58b9a12e34735a0cf98ab4dd8cdc5f8006b657c6077aab457d6f7a585cd9bbe09309060d39764320122ecda85978dd8c4c5d6658f9089c4aeebab97614b
- SSDEEP
  
  6144:Bnx6fMB7iRLpdZQI9LRdhA4Yz2APhwhlQGruTp10B:Bnx6f4703ZQIBRdhAsAPhwhjSTLc
Score

10^/10

vidar 937 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar937discoveryspywarestealer

© 2018-2024

Terms | Privacy