General

  • Target

    1669917670.zip

  • Size

    1.1MB

  • Sample

    221201-wmdn5aea47

  • MD5

    e80dd3a4dbb91083dae171950f7405fb

  • SHA1

    98d4d08cbf05087dc76aeca012597a4ef38c0183

  • SHA256

    1aade1ef120667a78fbb91d4352ab4aac7313d91c32a301068c765f8dac7df53

  • SHA512

    d079e91795d8d918f14edf48d5c24cc05167b497241bd6bb022c5bb91ce235008676b9bc1dd8c79d72a722163f2b3826eca488580feb5e12b8863214322916ca

  • SSDEEP

    6144:g1QwcNOGE5duvS+tIbVDR5yjePlJ5WBwfvzAw+r57kv4EoM7tlVmiUKGMieV0jN3:gFc5AdY5IB1tlKBg7AwsqUymihV0vF

Malware Config

Extracted

  • Family

    vidar

  • Version

    56

  • Botnet

    1784

  • C2

    https://t.me/asifrazatg

    https://steamcommunity.com/profiles/76561199439929669

Attributes

  • profile_id

    1784

Targets

    • Target

      GuardiansOfThrone_Launcher.exe

    • Size

      709.1MB

    • MD5

      fc8ead8c901e145a8e57195135c156ef

    • SHA1

      97b54fff7fe033022a59d039cad011264b22e6fa

    • SHA256

      7d63ff2baeba1d9f30b05e3eaff761eb1e659fed6583ce8f147a988a5c3491e2

    • SHA512

      4268321b870320a1c892705293d1e96303b488f60697aacb609a13105d1a6a2a014e0eec2631639b2ccc2fe1a735aeccd874a96d7e08a20f2ebe21b774c8e5a3

    • SSDEEP

      12288:ceD12u7YVn46SeE3IBFtleBI7swYqUKmiBV0A:chfn4ME6FtNpYZK

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks