Overview

overview

10

Static

static

Setup.exe

windows10-1703-x64

10

Setup.exe

windows7-x64

10

Resubmissions

23-11-2022 09:27

221123-le5grsbb66 10

23-11-2022 09:15

221123-k7xf7adh2v 1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Setup.exe.7z

  • Size

    343KB

  • Sample

    221123-le5grsbb66

  • MD5

    2f62e3867adf91bd0bd4051a4c346bcb

  • SHA1

    fe7d0812f0e41f6e1588b3367c00341ba82a0357

  • SHA256

    16bcd1e33bb05108b76f8ea31011d4a2d297dbcce37f6fb2a3c3347ab7190a51

  • SHA512

    4fc87bee52af8fc247e788c7dbd17933a9ccb9a076d54dc53f95c74822c4d04c18e3aa22a525320027030af39433f007e4470fdecb226a84789b83cd5342c76d

  • SSDEEP

    6144:KRJi+ttc88iCJtGCjygXtZ8fz6luL33+dfkGCn+kdD2crjxFYPag06ty:2JiytmrNRXt+wfM+kl2bag06ty

Score
10/10
vidar1375spywarestealer

Malware Config

Extracted

Family

vidar

Version

55.7

Botnet

1375

C2

https://t.me/deadftx

https://www.tiktok.com/@user6068972597711
Attributes
  • profile_id

    1375

Targets

    • Target

      Setup.exe

    • Size

      761.7MB

    • MD5

      f0debc46a47f40bbffbf8d563973a0f5

    • SHA1

      62182857b58cddee7903f66710ed0d7827e0d35d

    • SHA256

      85dee32ceb240f5e255ea6c0aaa516965ebee42072d52373156e1b605d80b7cb

    • SHA512

      7587e0313edcadd91c1c75d2737fa31cee2498dc85a371d291af8d11f883808acab4bcf96d6062eae15f1f75eb346ca5cfed4cf1dfbbcb89d5cb10ee0392c8f9

    • SSDEEP

      12288:rzVtFFIkfyPV9VRrjCR5TJmkuSiD63cZ23:vbIkg9HUz/iD6sZI

    Score
    10/10
    vidar1375spywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks