Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a6bfac7006b2abd59450fbb255f7012a542095cc7367db0e0100c33e0a62c9e7

  • Size

    2.8MB

  • Sample

    221101-mqnh3abhdp

  • MD5

    584f061ba8fe5d0eddcf3b68146763e2

  • SHA1

    b60461bd014a2105398bcdd18a47c0befce48dc0

  • SHA256

    a6bfac7006b2abd59450fbb255f7012a542095cc7367db0e0100c33e0a62c9e7

  • SHA512

    f451e66f76543d9621b33099ecca31f6e201bb1bdf6009596316f7b32a5fa3bf8f7408d4b2e2d8bd4f2eae93b3b9295c97ae3fcaef7314b8c39ac4c641c7212b

  • SSDEEP

    49152:78hmk3ryQy9TN/bYhM1Z/ZAkzdzYFwLeUeuXl3Q:78hmk3ryQolryFwLeJT

Score
10/10
vidar1375spywarestealer

Malware Config

Extracted

Family

vidar

Version

55.1

Botnet

1375

C2

https://t.me/tg_privatetalk

https://nerdculture.de/@yixehi33

http://195.201.252.190:80
Attributes
  • profile_id

    1375

Targets

    • Target

      a6bfac7006b2abd59450fbb255f7012a542095cc7367db0e0100c33e0a62c9e7

    • Size

      2.8MB

    • MD5

      584f061ba8fe5d0eddcf3b68146763e2

    • SHA1

      b60461bd014a2105398bcdd18a47c0befce48dc0

    • SHA256

      a6bfac7006b2abd59450fbb255f7012a542095cc7367db0e0100c33e0a62c9e7

    • SHA512

      f451e66f76543d9621b33099ecca31f6e201bb1bdf6009596316f7b32a5fa3bf8f7408d4b2e2d8bd4f2eae93b3b9295c97ae3fcaef7314b8c39ac4c641c7212b

    • SSDEEP

      49152:78hmk3ryQy9TN/bYhM1Z/ZAkzdzYFwLeUeuXl3Q:78hmk3ryQolryFwLeJT

    Score
    10/10
    vidar1375spywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks