vidar | 2abdb6ee06f2e7eea7cce7258e665a92f1b4cb825c4635096da785e2eb1de377 | Triage

Submit
Reports

Overview

overview

Static

static

Set_up_Yuk...it.exe

windows7-x64

Set_up_Yuk...it.exe

windows10-2004-x64

Sharing

General

Target

Set_up_Yuki_x64_bit.exe
Size

2.4MB
Sample

221116-wr6kpscc72
MD5

715762e2c5e6f330e375f900bf37250b
SHA1

4ff0aa59b204982a146bf282a77f1919233d72b5
SHA256

2abdb6ee06f2e7eea7cce7258e665a92f1b4cb825c4635096da785e2eb1de377
SHA512

993b8cae22da78d98d84508c77926ddc558f8e5f56109933fb04620825cb8dba8b4622ea8fadcb15263f10dfa4152054314ce4fb553511b8175ab5df3a3cf02c
SSDEEP

24576:puT+E/uX1eJzBECjwnnzCBQaPPPg6FRB6nyNP6kVU+UW40:e+8BECjwnzCBQaZx6nyNPLU+UF0

Score

10^/10

vidar 1325 discovery spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

Set_up_Yuki_x64_bit.exe

Resource

win7-20221111-en

vidar 1325 discovery spyware stealer upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

Set_up_Yuki_x64_bit.exe

Resource

win10v2004-20221111-en

vidar 1325 discovery spyware stealer upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

55.7

Botnet

1325

C2

https://t.me/deadftx

https://www.ultimate-guitar.com/u/smbfupkuhrgc1

Attributes

profile_id
1325

Targets

- Target
  
  Set_up_Yuki_x64_bit.exe
- Size
  
  2.4MB
- MD5
  
  715762e2c5e6f330e375f900bf37250b
- SHA1
  
  4ff0aa59b204982a146bf282a77f1919233d72b5
- SHA256
  
  2abdb6ee06f2e7eea7cce7258e665a92f1b4cb825c4635096da785e2eb1de377
- SHA512
  
  993b8cae22da78d98d84508c77926ddc558f8e5f56109933fb04620825cb8dba8b4622ea8fadcb15263f10dfa4152054314ce4fb553511b8175ab5df3a3cf02c
- SSDEEP
  
  24576:puT+E/uX1eJzBECjwnnzCBQaPPPg6FRB6nyNP6kVU+UW40:e+8BECjwnzCBQaZx6nyNPLU+UF0
Score

10^/10

vidar 1325 discovery spyware stealer upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

vidar1325discoveryspywarestealerupx

behavioral2

vidar1325discoveryspywarestealerupx

© 2018-2024

Terms | Privacy