vidar | 19857840331c8cc15dca34f5ad42c9d413cedfa307707d9c3764f2e7b43fc500 | Triage

Submit
Reports

Overview

overview

Static

static

Software Y...64.exe

windows7-x64

Software Y...64.exe

windows10-2004-x64

Sharing

General

Target

Software_Yuki.zip
Size

1.4MB
Sample

221111-qwhfsafg62
MD5

d8edde8e242fe61b58265c6a326ea435
SHA1

d8c50123a7d8bae21fbf1a826a06f6534f00039f
SHA256

19857840331c8cc15dca34f5ad42c9d413cedfa307707d9c3764f2e7b43fc500
SHA512

23a1ba690541d4d976407a120fe65cf9525409a1590750cfec821e41669d657fd56d89b2fac33f15dc93715d3477b467a5db0081159252038c0e3c3b348ff687
SSDEEP

24576:FAFUwIND8EcBD1YjTqnw4UFlxYYitUEoiIlPchl4itVnjLWibSm0Mus:FOai0jGSwzslPYl/uAz0fs

Score

10^/10

vidar 1325 discovery spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

Software Yuki/Set_Yuki_x64.exe

Resource

win7-20220812-en

vidar 1325 discovery spyware stealer upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

Software Yuki/Set_Yuki_x64.exe

Resource

win10v2004-20220812-en

vidar 1325 discovery spyware stealer upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

55.6

Botnet

1325

C2

https://t.me/seclab_new

https://koyu.space/@ofade

Attributes

profile_id
1325

Targets

- Target
  
  Software Yuki/Set_Yuki_x64.exe
- Size
  
  686.6MB
- MD5
  
  3086921f1e7c9f7156ccbc08c9fa25a2
- SHA1
  
  80e78e6e4a9427729c977e30ee2cc84813542092
- SHA256
  
  2e2495ef2e8166ecf1015d54972ad676cf3deb5b8b0f32f434dfda48205b87ab
- SHA512
  
  81e2a221f6070bc255d53e3c4d09b6c681810d977d2d86e6f0f6758f59664bd5e158c3367b6b5ef2232c3f3f7016a02e18069ce06fd7c34817a8020e9ecac622
- SSDEEP
  
  24576:uv66t3q/zhIYCpnviF18f5xn/T8BlnpvgSHhD:JsqlRuxn/T8j6s
Score

10^/10

vidar 1325 discovery spyware stealer upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

vidar1325discoveryspywarestealerupx

behavioral2

vidar1325discoveryspywarestealerupx

© 2018-2024

Terms | Privacy