Overview

overview

10

Static

static

a2e1443efc...11.exe

windows7-x64

10

a2e1443efc...11.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a2e1443efcc1458c18a04baa94a78511.exe

  • Size

    296KB

  • Sample

    221205-1tcgvsea7x

  • MD5

    a2e1443efcc1458c18a04baa94a78511

  • SHA1

    e27c11ac5a6f96560df8df7fd444ab1557d7bbd6

  • SHA256

    e4529389a7894145aba4211365e6ed6c23e1ce582109cc9cb8b1272ada1b54b1

  • SHA512

    aba5aeaf1bda31e40ef78cd2f4154739c8e7def494e5f4ca5c115d0953149cd4b20cd8672cabb00c756b6288a1165b60c72dca391f5c6134afc5ee53ce4360ab

  • SSDEEP

    6144:dMWAOA+Xg8kN7ws7b3A03ZyG2epQdYQJI+McpO:dM9+QTwOZyVepQdORK

Score
10/10
vidar14discoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

1.3

Botnet

14

C2

https://t.me/samuelljax

https://steamcommunity.com/profiles/76561199439725733
Attributes
  • profile_id

    14

Targets

    • Target

      a2e1443efcc1458c18a04baa94a78511.exe

    • Size

      296KB

    • MD5

      a2e1443efcc1458c18a04baa94a78511

    • SHA1

      e27c11ac5a6f96560df8df7fd444ab1557d7bbd6

    • SHA256

      e4529389a7894145aba4211365e6ed6c23e1ce582109cc9cb8b1272ada1b54b1

    • SHA512

      aba5aeaf1bda31e40ef78cd2f4154739c8e7def494e5f4ca5c115d0953149cd4b20cd8672cabb00c756b6288a1165b60c72dca391f5c6134afc5ee53ce4360ab

    • SSDEEP

      6144:dMWAOA+Xg8kN7ws7b3A03ZyG2epQdYQJI+McpO:dM9+QTwOZyVepQdORK

    Score
    10/10
    vidar14discoveryspywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks