vidar | 0fe6217f7e3e574b93ebcaa46e3271f944e3c8a30f4996f84d77ab67bfa5406e | Triage

Submit
Reports

Overview

overview

Static

static

Set_Yuki_x64.exe

windows7-x64

Set_Yuki_x64.exe

windows10-2004-x64

Sharing

General

Target

Set_Yuki_x64.exe
Size

1.4MB
Sample

221111-mbyeqahc3x
MD5

d9534d31fd38538d6e5d00b03f75ad7d
SHA1

94f3388a8b56b86eb27d9fda2e218d9341e5c8e5
SHA256

0fe6217f7e3e574b93ebcaa46e3271f944e3c8a30f4996f84d77ab67bfa5406e
SHA512

8da827c837aad1fcf47822872de8461ccc37d7caea4980df11d1910d7ee1889802a83acaf4bd632702335abd1a591a2cf7515e1fbe9fe22c1f74ba37e5b42423
SSDEEP

24576:uv66t3q/zhIYCpnviF18f5xn/T8BlnpvgSHhD:JsqlRuxn/T8j6s

Score

10^/10

vidar 1325 discovery spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

Set_Yuki_x64.exe

Resource

win7-20220812-en

vidar 1325 discovery spyware stealer upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

Set_Yuki_x64.exe

Resource

win10v2004-20220812-en

vidar 1325 discovery spyware stealer upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

55.6

Botnet

1325

C2

https://t.me/seclab_new

https://koyu.space/@ofade

Attributes

profile_id
1325

Targets

- Target
  
  Set_Yuki_x64.exe
- Size
  
  1.4MB
- MD5
  
  d9534d31fd38538d6e5d00b03f75ad7d
- SHA1
  
  94f3388a8b56b86eb27d9fda2e218d9341e5c8e5
- SHA256
  
  0fe6217f7e3e574b93ebcaa46e3271f944e3c8a30f4996f84d77ab67bfa5406e
- SHA512
  
  8da827c837aad1fcf47822872de8461ccc37d7caea4980df11d1910d7ee1889802a83acaf4bd632702335abd1a591a2cf7515e1fbe9fe22c1f74ba37e5b42423
- SSDEEP
  
  24576:uv66t3q/zhIYCpnviF18f5xn/T8BlnpvgSHhD:JsqlRuxn/T8j6s
Score

10^/10

vidar 1325 discovery spyware stealer upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

vidar1325discoveryspywarestealerupx

behavioral2

vidar1325discoveryspywarestealerupx

© 2018-2024

Terms | Privacy