vidar | a29e0591b394937ffcf1c020eccbd3e17546d09cd143896ef23f0cca3e65eaf7 | Triage

Submit
Reports

Overview

overview

Static

static

Software b...it.exe

windows7-x64

Software b...it.exe

windows10-2004-x64

Sharing

General

Target

Software by Yuki.rar
Size

869KB
Sample

221116-yqdjmsgf8s
MD5

245eaf35b12979b5064db6ac2488b0c1
SHA1

f3fbd989bfd25fa76cc77f6643b5835a295d4e1c
SHA256

a29e0591b394937ffcf1c020eccbd3e17546d09cd143896ef23f0cca3e65eaf7
SHA512

574ca1206d828a7c5333c317d78cbbc152e680b275fdc0b052faf994dcbcac79ab10debf037f6ce24daf6146466ff86884932da1ffdf20d347c6268b33cf690c
SSDEEP

24576:QZCevsBvQHg+hxGfi0X4gWCPBAS9OCX4nswgxZ+tE4s:QtHg+hxsXrOc4ns7cEZ

Score

10^/10

vidar 1325 discovery spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

Software by Yuki/Set_up_Yuki_x64_bit.exe

Resource

win7-20221111-en

vidar 1325 discovery spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Software by Yuki/Set_up_Yuki_x64_bit.exe

Resource

win10v2004-20220901-en

vidar 1325 discovery spyware stealer upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

55.7

Botnet

1325

C2

https://t.me/deadftx

https://www.ultimate-guitar.com/u/smbfupkuhrgc1

Attributes

profile_id
1325

Targets

- Target
  
  Software by Yuki/Set_up_Yuki_x64_bit.exe
- Size
  
  686.4MB
- MD5
  
  e2524e747f7a208b556eb539d00f6bc3
- SHA1
  
  c353f75406a8643085e1590d76fc81f4c9d051ef
- SHA256
  
  0bbfad12bc7ed3664ffd4ac968b793a379da2dbc6f8496039ec21c00c8ab3102
- SHA512
  
  73eae8c6ecadee77d6c6f940de13ce268dbb5c18a83f2abee8df46f56dd68f88c7b8ea9e6ef48ac41e7e56ec66feea09bdb4b289a8425e8238ab9fff2ea3e308
- SSDEEP
  
  24576:puT+E/uX1eJzBECjwnnzCBQaPPPg6FRB6nyNP6kVU+UW40:e+8BECjwnzCBQaZx6nyNPLU+UF0
Score

10^/10

vidar 1325 discovery spyware stealer upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

vidar1325discoveryspywarestealer

behavioral2

vidar1325discoveryspywarestealerupx

© 2018-2024

Terms | Privacy