Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6d52aa8cc28ef3103bab21cf03709e81c43f92a6458b2bae55488f4c9dcd33a4

  • Size

    2.8MB

  • Sample

    221101-lwebxaaec2

  • MD5

    6218c30340eabe45a85010550750da22

  • SHA1

    13c2051618d4d395fefbbfd165c234d59a17f772

  • SHA256

    6d52aa8cc28ef3103bab21cf03709e81c43f92a6458b2bae55488f4c9dcd33a4

  • SHA512

    693c0c7e068d8cd328cbe89e76a146caf59a652ba325d9679e2a3ab81cf08a263e5ca2b8b060093e1d05e0a75a8b01ba259a6ca3754cb8b05576f4eab1f77101

  • SSDEEP

    24576:dFZlmt1I8RE66YGYCeJLgqFMqIdVW9W3js9BEynk45LQul3RuQ55313+:PfA1IMEQDkjs9BEynk45hl3s

Score
10/10
vidar1375spywarestealer

Malware Config

Extracted

Family

vidar

Version

54.7

Botnet

1375

C2

https://t.me/trampapanam

https://nerdculture.de/@yoxhyp
Attributes
  • profile_id

    1375

Targets

    • Target

      6d52aa8cc28ef3103bab21cf03709e81c43f92a6458b2bae55488f4c9dcd33a4

    • Size

      2.8MB

    • MD5

      6218c30340eabe45a85010550750da22

    • SHA1

      13c2051618d4d395fefbbfd165c234d59a17f772

    • SHA256

      6d52aa8cc28ef3103bab21cf03709e81c43f92a6458b2bae55488f4c9dcd33a4

    • SHA512

      693c0c7e068d8cd328cbe89e76a146caf59a652ba325d9679e2a3ab81cf08a263e5ca2b8b060093e1d05e0a75a8b01ba259a6ca3754cb8b05576f4eab1f77101

    • SSDEEP

      24576:dFZlmt1I8RE66YGYCeJLgqFMqIdVW9W3js9BEynk45LQul3RuQ55313+:PfA1IMEQDkjs9BEynk45hl3s

    Score
    10/10
    vidar1375spywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks