vidar | e6a6768113ac95564ad2d20108435e8dd65bfe3fc741249039835076d4aba350 | Triage

Submit
Reports

Overview

overview

Static

static

48bc23c628...08.exe

windows7-x64

48bc23c628...08.exe

windows10-2004-x64

Sharing

General

Target

48bc23c628e7dbec916fbe213d1c19336ebab4f868d08.exe
Size

4.0MB
Sample

221124-hs8jssff48
MD5

53d2acf9be6296d3aceb4ae9ac788f8c
SHA1

da60d78c18ccea5e394758c1ab226912b4240aad
SHA256

e6a6768113ac95564ad2d20108435e8dd65bfe3fc741249039835076d4aba350
SHA512

1494af01a22ed6615939052dabad7572d4ee69813dbf7894c0105db63c2cf00806ffb246cdc21eedf1ffbe36ace4d0f74a32b1d0d9c03b4612c8e9438a0edbe7
SSDEEP

98304:sJtlRjoW9bzlVnQ3NHJFiU92BY8Lk3fAcpiZ8K:epNpVnQ3xrcBY2cMZh

Score

10^/10

vidar 1364 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

48bc23c628e7dbec916fbe213d1c19336ebab4f868d08.exe

Resource

win7-20220901-en

vidar 1364 discovery spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

48bc23c628e7dbec916fbe213d1c19336ebab4f868d08.exe

Resource

win10v2004-20220901-en

vidar 1364 discovery spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

55.8

Botnet

1364

C2

https://t.me/headshotsonly

https://steamcommunity.com/profiles/76561199436777531

Attributes

profile_id
1364

Targets

- Target
  
  48bc23c628e7dbec916fbe213d1c19336ebab4f868d08.exe
- Size
  
  4.0MB
- MD5
  
  53d2acf9be6296d3aceb4ae9ac788f8c
- SHA1
  
  da60d78c18ccea5e394758c1ab226912b4240aad
- SHA256
  
  e6a6768113ac95564ad2d20108435e8dd65bfe3fc741249039835076d4aba350
- SHA512
  
  1494af01a22ed6615939052dabad7572d4ee69813dbf7894c0105db63c2cf00806ffb246cdc21eedf1ffbe36ace4d0f74a32b1d0d9c03b4612c8e9438a0edbe7
- SSDEEP
  
  98304:sJtlRjoW9bzlVnQ3NHJFiU92BY8Lk3fAcpiZ8K:epNpVnQ3xrcBY2cMZh
Score

10^/10

vidar 1364 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1364discoveryspywarestealer

behavioral2

vidar1364discoveryspywarestealer

© 2018-2024

Terms | Privacy