General

  • Target: AdobePhotoshop2022.rar
  • Size: 5.1MB
  • Sample: 221123-lwdelsfg8z
  • MD5: e84f597870244d0426ba1be2b4428caf
  • SHA1: 22b47eef7ed082f76139aa6ab8b13d66477da971
  • SHA256: 9b0e3f676d8db16a09b3e1aba66d8400db2f6e25fadccdb5bd5dd5f10c244535
  • SHA512: 9dc257e09d757fdb8ab8b17db8afffbaadf95f5b3efe17192c66f828e921d3777d39c2d4fb1efc20b061f3c4533041da239e1266c4970029409b5255d52a04db
  • SSDEEP: 98304:qgMXx9bmv31eAPC/zrsezLEiNwxoImWijPo30CoG6nWiAoJ8so5ugAaIV:qxXvmv0Wazrt0iGxoImDjal6nDAoKsos

Malware Config

Extracted

  • Family: vidar
  • Version: 55.8
  • Botnet: 1375
  • C2:
      https://t.me/headshotsonly
      https://steamcommunity.com/profiles/76561199436777531
  • Attributes
      profile_id: 1375

The two "C2" entries are a Telegram channel and a Steam profile, not the stealer's final server. Vidar uses public profile pages of this kind as dead-drop resolvers: it fetches the page and reads the live C2 address out of the profile text, so the real server is not present in the extracted config and can be rotated without touching the binary. Block or alert on these URLs, but treat the address they hand out as volatile.
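The following Python is an added example, not code from this report or from the Vidar sample, showing how an analyst can pull the real address out of saved copies of the two profile pages listed above. The HTML element names it looks in (Steam's actual_persona_name span, Telegram's tgme_page_title and tgme_page_description divs), the address format and the sample pages are assumptions and constructed test data; the addresses are RFC 5737 documentation ranges, not live infrastructure.

```python
import html
import re

# Dead-drop URLs from the extracted Vidar config on this page. Neither is the
# final C2: the stealer fetches the page and reads an address out of it.
DEAD_DROPS = [
    "https://t.me/headshotsonly",
    "https://steamcommunity.com/profiles/76561199436777531",
]

# Where the address is expected on each page. ASSUMPTION: Steam's persona-name
# span and Telegram's title/description divs; adjust if the markup changes.
_EXTRACTORS = {
    "steamcommunity.com": [r'<span class="actual_persona_name">(.*?)</span>'],
    "t.me": [r'<div class="tgme_page_title"[^>]*>(.*?)</div>',
             r'<div class="tgme_page_description"[^>]*>(.*?)</div>'],
}

# http(s)://host[:port] or bare IPv4[:port]: a triage matcher, not a validator
_C2_RE = re.compile(
    r'(?:https?://[A-Za-z0-9.\-]+(?::\d{1,5})?|'
    r'(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?)', re.I)


def host_of(url):
    m = re.match(r'https?://([^/:]+)', url)
    return m.group(1).lower() if m else ""


def extract_fields(url, page):
    """Return the text of the profile fields a Vidar-style resolver reads."""
    found = []
    for pat in _EXTRACTORS.get(host_of(url), []):
        for m in re.finditer(pat, page, re.S | re.I):
            text = re.sub(r'<[^>]+>', '', m.group(1))   # drop nested tags
            found.append(html.unescape(text).strip())   # decode &#x3a; etc.
    return found


def c2_candidates(url, page):
    """Every address-looking token in the resolver fields, in page order."""
    cands = []
    for field in extract_fields(url, page):
        for m in _C2_RE.finditer(field):
            if m.group(0) not in cands:
                cands.append(m.group(0))
    return cands


def resolve(pages):
    """pages: {dead_drop_url: saved_html}; returns {dead_drop_url: [candidates]}."""
    return {u: c2_candidates(u, p) for u, p in pages.items()}


# Constructed sample pages (not captured from the live profiles).
SAMPLE_PAGES = {
    DEAD_DROPS[0]: ('<html><body><div class="tgme_page_title"><span dir="auto">'
                    'headshots</span></div><div class="tgme_page_description">'
                    'http://203.0.113.7&#x3a;80</div></body></html>'),
    DEAD_DROPS[1]: ('<html><body><span class="actual_persona_name">'
                    'http://198.51.100.23</span><div class="profile_summary">'
                    'nothing to see</div></body></html>'),
}

if __name__ == "__main__":
    for url, cands in resolve(SAMPLE_PAGES).items():
        print(url, "->", cands or "no address found")
```

Fetch the pages yourself (urllib or requests, ideally through an egress you are happy to expose) and pass the raw HTML to resolve(); keep the fetched copies, since the address the profile hands out is what the operator changes when infrastructure burns.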

Targets

  • Target: setup.exe
  • Size: 761.7MB
  • MD5: 026f00beb4df468d3ea64ecbcc112e91
  • SHA1: e9b4254225f79d5acfd4a14707b9c62d9abb871f
  • SHA256: eda7470f276c268f23e4e52e26db58e768159662160f84a2c95aee45f059e96f
  • SHA512: 77eda8c77337a53ac7d060122ca9dac2ac19bbad57a3640eb2734a14e1e84d5b670d3bdb1f399ded2f6024ba83ff438e90608082149cb7cd02fd5c39b37ad2db
  • SSDEEP: 6144:E1DWWl1mETFUMDo3v02vdzLZCpQeCIui9HPOB/8XJFKWJcp/mkhW0ShbZgl4k:A11JrSIuIHPOB/3WJcp/g3k

    • Vidar: Vidar is an infostealer based on Arkei stealer.
    • Loads dropped DLL
    • Uses the VBS compiler for execution
    • Accesses 2FA software files, possible credential harvesting
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

  Note that a 761.7MB executable came out of a 5.1MB archive, a ratio of roughly 150:1. That is the signature of a binary padded with a block of filler bytes, a common trick for pushing a sample past upload and scan size limits; the padding does not change the hashes above, but it does mean a plain file-size filter will let the sample through.
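The size ratio above (5.1MB archive, 761.7MB extracted executable) is the kind of thing worth checking mechanically on every unpacked sample. The Python below is an added triage check, not code from this report or from the sample; the thresholds are assumptions chosen for illustration, and the input is a constructed stand-in for a padded PE (incompressible bytes followed by a block of zeros), not setup.exe itself.

```python
import hashlib
import zlib

# Triage thresholds. ASSUMPTIONS chosen for illustration, not published constants.
MIN_SUSPECT_SIZE = 100 * 1024 * 1024   # only binaries at least this large get flagged
NULL_FRACTION = 0.5                    # at least half the bytes are 0x00
COMPRESS_RATIO = 20.0                  # raw size / deflate size above this means filler
CHUNK = 1 << 20                        # compress in 1 MiB pieces to bound memory


def inflation_report(data, min_size=MIN_SUSPECT_SIZE):
    """Hash a binary and measure how much of it is filler.

    Returns size, sha256, the fraction of 0x00 bytes, the deflate compression
    ratio and a 'suspect' verdict: large AND (mostly nulls OR compresses far
    too well). Random filler defeats both measures, so this catches the cheap
    zero padding seen in bloated installers, not every kind of inflation."""
    size = len(data)
    comp = zlib.compressobj(level=1)
    compressed = 0
    for off in range(0, size, CHUNK):
        compressed += len(comp.compress(data[off:off + CHUNK]))
    compressed += len(comp.flush())
    null_fraction = data.count(0) / size if size else 0.0
    ratio = size / compressed if compressed else float("inf")
    return {
        "size": size,
        "sha256": hashlib.sha256(data).hexdigest(),
        "null_fraction": round(null_fraction, 3),
        "compress_ratio": round(ratio, 1),
        "suspect": size >= min_size
                   and (null_fraction >= NULL_FRACTION or ratio >= COMPRESS_RATIO),
    }


def check_file(path, min_size=MIN_SUSPECT_SIZE):
    """Convenience wrapper for a file on disk (reads it fully; fine for triage)."""
    with open(path, "rb") as fh:
        return inflation_report(fh.read(), min_size)


def pseudo_random(n, seed=b"padding-demo"):
    """Deterministic incompressible bytes for the constructed sample."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


# Constructed stand-ins (not the real setup.exe): a 64 KiB "payload" of
# incompressible bytes, once on its own and once followed by 2 MiB of zeros.
REAL_PART = b"MZ" + pseudo_random(64 * 1024 - 2)
PADDED_SAMPLE = REAL_PART + b"\x00" * (2 * 1024 * 1024)
COMPACT_SAMPLE = REAL_PART

if __name__ == "__main__":
    for name, blob in (("padded", PADDED_SAMPLE), ("compact", COMPACT_SAMPLE)):
        # min_size lowered to 1 MiB so the small demo inputs reach the check
        print(name, inflation_report(blob, min_size=1 << 20))
```

The null-byte count is the cheap signal and the compression ratio is the robust one (it also catches padding with a repeated non-zero byte); both are fooled by random filler, which is why the size floor is kept as a separate condition rather than the only one.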

  • Target: x32.dll
  • Size: 4.8MB
  • MD5: d9b78f4b2f8f393c8854c7cc95eae5d8
  • SHA1: 8d648e7bda5b6bf7b02041189b9823fe8d4689e5
  • SHA256: 55faebb8f5e28cde50f561bbd2638db7edcfd26e7ee7b975e0049b113145ae38
  • SHA512: 6e76b524a56cc9bb5ae4beeedd41a48c35cf03c730752da3cae49862cb7bc3c17283099c39787f5933c1771eca7c2e651d92b961de7f43813f026eb295c90c81
  • SSDEEP: 49152:PcLeg66Ry8jdAYbppzo7Tzj1/JrRbkwW6Ydzzr3YCWizxCqDRkU9i4g1/JAyn:kLrBpr1o7bRyfdzzxz0NTA4
  • Score: 1/10

  • Target: x64.dll
  • Size: 14.5MB
  • MD5: 3bd5aea364326cdfa667651a93e7a4c9
  • SHA1: f33b4a83e038363c1a4df919e6f6e0e41dba9334
  • SHA256: 23f04ba936568e9a7c9dce7a6beb52c9be7eb13b734cd390c99e7546cbe1973d
  • SHA512: 7bd4e742b4d683b79de54eaf7d8b215252212921b8a53d1fbfc8e51ce43505c003da62fd126663bc04bbc65b8f77b85232c78ea6ecba8a4e425c28c0e9c80dc3
  • SSDEEP: 393216:00Rly5ZnSHLe1tvwDTtwJuefdrX780dNYbg4A358TjGNrS1aKbBICZBSJLGWIGC2:NRlyP71tvwDTtwJuefdrX780dNYbg4Az
  • Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                      Count   ID
  Execution           Scripting                      1       T1064
  Defense Evasion     Scripting                      1       T1064
  Credential Access   Credentials in Files           2       T1081
  Discovery           Query Registry                 1       T1012
  Discovery           System Information Discovery   1       T1082
  Collection          Data from Local System         2       T1005

The mapping uses ATT&CK v6 identifiers. T1064 (Scripting) and T1081 (Credentials in Files) have since been deprecated; in current ATT&CK they correspond to T1059 (Command and Scripting Interpreter) and T1552.001 (Unsecured Credentials: Credentials In Files). T1012, T1082 and T1005 are unchanged, so translate the first two before feeding this mapping into a detection coverage tool.
