vidar | a1f85be67018434f06e910c13c4833aae7689793a7ce80a70ca5028877e9f40e | Triage

Submit
Reports

Overview

overview

Static

static

7

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

2.3MB
Sample

221121-wh1cbsfa9z
MD5

e11c78a0b335cc7bc36f45aabcdf8c20
SHA1

769469cb9929be583b7d2d4c9c04d84e02b3ed8c
SHA256

a1f85be67018434f06e910c13c4833aae7689793a7ce80a70ca5028877e9f40e
SHA512

8171e94360cd1fa8f94ea1d8a8b0e4b78828f3715e551e2a5c331e6bce8f869e445df773735b7df631bf87d97e8346c7db67334a62b67568b2cd9a044dbda6d8
SSDEEP

49152:WO/pc2ZUUGOATnlCC/6++wB90FmSVwuQY2KUllXOw2DO:vpTUUkT3/6poSKunullXOu

Score

10^/10

vidar 1679 evasion spyware stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20221111-en

vidar 1679 evasion spyware stealer themida trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20221111-en

vidar 1679 evasion spyware stealer themida trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

55.8

Botnet

1679

C2

https://t.me/headshotsonly

https://steamcommunity.com/profiles/76561199436777531

Attributes

profile_id
1679

Targets

- Target
  
  file.exe
- Size
  
  2.3MB
- MD5
  
  e11c78a0b335cc7bc36f45aabcdf8c20
- SHA1
  
  769469cb9929be583b7d2d4c9c04d84e02b3ed8c
- SHA256
  
  a1f85be67018434f06e910c13c4833aae7689793a7ce80a70ca5028877e9f40e
- SHA512
  
  8171e94360cd1fa8f94ea1d8a8b0e4b78828f3715e551e2a5c331e6bce8f869e445df773735b7df631bf87d97e8346c7db67334a62b67568b2cd9a044dbda6d8
- SSDEEP
  
  49152:WO/pc2ZUUGOATnlCC/6++wB90FmSVwuQY2KUllXOw2DO:vpTUUkT3/6poSKunullXOu
Score

10^/10

vidar 1679 evasion spyware stealer themida trojan
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1679evasionspywarestealerthemidatrojan

behavioral2

vidar1679evasionspywarestealerthemidatrojan

© 2018-2024

Terms | Privacy