vidar | 2b57df19c9d33389491a5ebd6a38421ffb030af9ce703328910ae7a8686a2f37 | Triage

Submit
Reports

Overview

overview

Static

static

SetupYukix64bit.exe

windows7-x64

SetupYukix64bit.exe

windows10-2004-x64

Sharing

General

Target

SetupYukix64bit.exe
Size

1.3MB
Sample

221116-y2dzjsgg31
MD5

edfd759fcec73085ed3fe3c3da0006d1
SHA1

87fbaa609045bb1eb96bff7c4fe8c91e007c7055
SHA256

2b57df19c9d33389491a5ebd6a38421ffb030af9ce703328910ae7a8686a2f37
SHA512

2453ecc0db6d7aefb17dd07f6f77ec81cd465e2203beb2c759ac2b1988e50cf451642377b61d05b492080c6d5276f932c3968ba1f64df3e8a0d7318e1a98e0d9
SSDEEP

24576:puT+E/uX1eJzBECjwnnzCBQaPPPg6FRB6nyNP6kVU+UW40:e+8BECjwnzCBQaZx6nyNPLU+UF0

Score

10^/10

vidar 1325 discovery spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

SetupYukix64bit.exe

Resource

win7-20220812-en

vidar 1325 discovery spyware stealer upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

SetupYukix64bit.exe

Resource

win10v2004-20221111-en

vidar 1325 discovery spyware stealer upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

55.7

Botnet

1325

C2

https://t.me/deadftx

https://www.ultimate-guitar.com/u/smbfupkuhrgc1

Attributes

profile_id
1325

Targets

- Target
  
  SetupYukix64bit.exe
- Size
  
  1.3MB
- MD5
  
  edfd759fcec73085ed3fe3c3da0006d1
- SHA1
  
  87fbaa609045bb1eb96bff7c4fe8c91e007c7055
- SHA256
  
  2b57df19c9d33389491a5ebd6a38421ffb030af9ce703328910ae7a8686a2f37
- SHA512
  
  2453ecc0db6d7aefb17dd07f6f77ec81cd465e2203beb2c759ac2b1988e50cf451642377b61d05b492080c6d5276f932c3968ba1f64df3e8a0d7318e1a98e0d9
- SSDEEP
  
  24576:puT+E/uX1eJzBECjwnnzCBQaPPPg6FRB6nyNP6kVU+UW40:e+8BECjwnzCBQaZx6nyNPLU+UF0
Score

10^/10

vidar 1325 discovery spyware stealer upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

vidar1325discoveryspywarestealerupx

behavioral2

vidar1325discoveryspywarestealerupx

© 2018-2024

Terms | Privacy