vidar | 434f45359039b25ca4aaca82742c6a5f5317ad2a01c4146a53bc3fc5c2d7703b | Triage

Submit
Reports

Overview

overview

Static

static

Set_Yuki_x64.exe

windows7-x64

Set_Yuki_x64.exe

windows10-2004-x64

Sharing

General

Target

Set_Yuki_x64.exe
Size

6.1MB
Sample

221111-ez875abafm
MD5

8a179d54a162d143f19fd7064e361c05
SHA1

4f0cd167e6c22efd4e31357de7e4c66625bf7032
SHA256

434f45359039b25ca4aaca82742c6a5f5317ad2a01c4146a53bc3fc5c2d7703b
SHA512

4112f0f510735b0aa72c2119310aa182354f8aa12d8b9ec4e0c6861de1dcffe4ef491b6e7399de66204e4f4d083f3e879d822a7f3dc7775b86b5c307245b9f16
SSDEEP

24576:uv66t3q/zhIYCpnviF18f5xn/T8BlnpvgSHhD:JsqlRuxn/T8j6s

Score

10^/10

vidar 1325 discovery spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

Set_Yuki_x64.exe

Resource

win7-20220901-en

vidar 1325 discovery spyware stealer upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

Set_Yuki_x64.exe

Resource

win10v2004-20220812-en

vidar 1325 discovery spyware stealer upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

55.6

Botnet

1325

C2

https://t.me/seclab_new

https://koyu.space/@ofade

Attributes

profile_id
1325

Targets

- Target
  
  Set_Yuki_x64.exe
- Size
  
  6.1MB
- MD5
  
  8a179d54a162d143f19fd7064e361c05
- SHA1
  
  4f0cd167e6c22efd4e31357de7e4c66625bf7032
- SHA256
  
  434f45359039b25ca4aaca82742c6a5f5317ad2a01c4146a53bc3fc5c2d7703b
- SHA512
  
  4112f0f510735b0aa72c2119310aa182354f8aa12d8b9ec4e0c6861de1dcffe4ef491b6e7399de66204e4f4d083f3e879d822a7f3dc7775b86b5c307245b9f16
- SSDEEP
  
  24576:uv66t3q/zhIYCpnviF18f5xn/T8BlnpvgSHhD:JsqlRuxn/T8j6s
Score

10^/10

vidar 1325 discovery spyware stealer upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

vidar1325discoveryspywarestealerupx

behavioral2

vidar1325discoveryspywarestealerupx

© 2018-2024

Terms | Privacy