Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7766e5442231b0d8574efb9d15110bfa814482a8160d655b45efb41813b9118f

  • Size

    2.8MB

  • Sample

    221101-l2gzzsbecr

  • MD5

    dcc0c7bed97cbe2d4ea3772ae98736a2

  • SHA1

    da81bb7e998107eb8710bb6c231dae7331c6442b

  • SHA256

    7766e5442231b0d8574efb9d15110bfa814482a8160d655b45efb41813b9118f

  • SHA512

    399a84fe2d8003f20e81cceceac74ad465824a82567a73407159391ad5c2cbbd1224260906cbfd3363003bc5f9369ce7f7ee373758c3839546b0a7a701063f38

  • SSDEEP

    24576:qVnSwhb+/8OKcIfYqY1gAmb0MsCTetd5vyWB/bcQyh9rhTM2x7b555555u5555pu:whSKcbzbcQ6rZwFkcUoydOdCl3l

Score
10/10
vidar1375spywarestealer

Malware Config

Extracted

Family

vidar

Version

55

Botnet

1375

C2

https://t.me/truewallets

https://mas.to/@zara99

http://116.203.10.3:80
Attributes
  • profile_id

    1375

Targets

    • Target

      7766e5442231b0d8574efb9d15110bfa814482a8160d655b45efb41813b9118f

    • Size

      2.8MB

    • MD5

      dcc0c7bed97cbe2d4ea3772ae98736a2

    • SHA1

      da81bb7e998107eb8710bb6c231dae7331c6442b

    • SHA256

      7766e5442231b0d8574efb9d15110bfa814482a8160d655b45efb41813b9118f

    • SHA512

      399a84fe2d8003f20e81cceceac74ad465824a82567a73407159391ad5c2cbbd1224260906cbfd3363003bc5f9369ce7f7ee373758c3839546b0a7a701063f38

    • SSDEEP

      24576:qVnSwhb+/8OKcIfYqY1gAmb0MsCTetd5vyWB/bcQyh9rhTM2x7b555555u5555pu:whSKcbzbcQ6rZwFkcUoydOdCl3l

    Score
    10/10
    vidar1375spywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks