General

  • Target

    9e823478f8b4cc0fea25c68e63e9ae85f2274a419dc6c82bea84ee152f0af907.zip

  • Size

    4.7MB

  • Sample

    221124-hqx1aafd93

  • MD5

    56e20bc34fee9c02a8c81b6d7ff10e58

  • SHA1

    a17c030deb340d49aea9566035c1583206fd887d

  • SHA256

    4cf31f80b104e9507586c9cfd87f01feb69885c7d63867ff0bcd6393fb235b85

  • SHA512

    2278776b83fc6feb3c067810ebbe8d7e5bcb50566e2707f3736685b8583421cbb82da94e715b5b19aa9738478b1aadeb86ee3fb88e9221694cc730e60b07774c

  • SSDEEP

    98304:uuelwa+05Wcgdggq0T8meILJkXOV3oqm7HrF2IwokgJK:uXDDgddt/3o5FrE

Malware Config

Extracted

  • Family

    vidar

  • Version

    55.8

  • Botnet

    1364

  • C2

    https://t.me/headshotsonly

    https://steamcommunity.com/profiles/76561199436777531

  • Attributes

      • profile_id

        1364

Targets

    • Target

      9e823478f8b4cc0fea25c68e63e9ae85f2274a419dc6c82bea84ee152f0af907

    • Size

      401.8MB

    • MD5

      ff46ba54163c4e07c072612cd5c2ac8f

    • SHA1

      4e5aa4c7ac64aa29dfc3ecad796c9698aefdd601

    • SHA256

      9e823478f8b4cc0fea25c68e63e9ae85f2274a419dc6c82bea84ee152f0af907

    • SHA512

      a909c91ba27b614526ed9e8ceb8b6416750f6d784e893314b879d631b946ebc5134cc62218432329a159fac08b3143f98a3ac77c957bc3bb31b76fdf0017f78f

    • SSDEEP

      98304:ylKF/xupJR/EgwFC8qJ6iUkJZ+7aXD6Wl2cPP0hiK:ylCoJgFCXp5D/PPP6iK

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                     ID     Count
  Credential Access  Credentials in Files          T1081  3
  Discovery          Query Registry                T1012  2
  Discovery          System Information Discovery  T1082  1
  Collection         Data from Local System        T1005  3

Tasks