vidar | 546e8255f0e22232db99e894e6044bed4ca05d14d601193e5e8c91e144011455 | Triage

Submit
Reports

Overview

overview

Static

static

Quick Indi...er.exe

windows7-x64

Quick Indi...er.exe

windows10-2004-x64

Sharing

General

Target

MDE_File_Sample_4769a84f87a7229e8acd968d085468a00c7b4f9a.zip
Size

4.3MB
Sample

221214-hwnnsshd29
MD5

aa83ead6d4e29dc4f3a63f58d6994bde
SHA1

8a0de39f5fd7a4a6cb6874a3057724f9a233986c
SHA256

546e8255f0e22232db99e894e6044bed4ca05d14d601193e5e8c91e144011455
SHA512

96c7efc1a011f046ede82f9c285ced2aedee83a2edefa21bb8fe8845827af55ae4b820d17f7123c8cc672ff39c37f64148513e0e8f9a07a71a67117600fd8e87
SSDEEP

98304:6ivsXqJ3CsDrAwo4Z0ru/PSaQ/R/EEP54s5teWL:6RXqJvfm4b/KvRBxpDPL

Score

10^/10

vidar 1142 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Quick Indicator Tester.exe

Resource

win7-20221111-en

vidar 1142 discovery spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

Quick Indicator Tester.exe

Resource

win10v2004-20220812-en

vidar 1142 discovery spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

55.8

Botnet

1142

C2

https://t.me/headshotsonly

https://steamcommunity.com/profiles/76561199436777531

Attributes

profile_id
1142

Targets

- Target
  
  Quick Indicator Tester.exe
- Size
  
  401.8MB
- MD5
  
  718f7e0ce95a05dc5e2e834a13348e40
- SHA1
  
  e6ca520f582875c23ec4f802ab78e8e236487e2b
- SHA256
  
  0360cdb4d1428dd656e950f025eed14d1a43a16903bcc9e7c6b2e7ff0eb42dc1
- SHA512
  
  2fac5e35e4c27f01f103ebb0e4dcaf97754dbc772656c775632a4c0943dd6b6020650e3105f90d316472b83a6ca676189d1e165f19b80ff3be0c6f6191470554
- SSDEEP
  
  98304:NM+CBziMUphx2p90SqEmLdRI+/HJNIIRjUr3kLDEMITa+:KziMGhx2f0Sqw+/Lm6EDTr
Score

10^/10

vidar 1142 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1142discoveryspywarestealer

behavioral2

vidar1142discoveryspywarestealer

© 2018-2024

Terms | Privacy