Triage | Malware sandboxing report by Hatching Triage

Submit
Reports

Overview

overview

Static

static

8

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

Open_New_Pass_1234_G4_Active.rar
Size

5MB
Sample

221220-qvjbpahf32
MD5

6a8fddac3de8f8b18c3789d7455a506f
SHA1

af822992f28e35504d8185fa558094e297a749ee
SHA256

8c5d344c77678fee2bf370d77313cd82a72442c4128ddfe9b4e32333e60116cd
SHA512

51283d6699bc0089543843e4acaafc192a7ae9d1590ed2969414d350e29d0905644f9340cc7578003077c3325da1d27b9f1908a0eb53dacd362ff8fd1f1a5a60
SSDEEP

98304:3HRXfqJpFNq+m0w83vbMTmf9whXXATb55+itpglc7UbDeEHkg:3xXfqJpF7wGvbMkWhXXAR9tp4zkg

Score

10^/10

vidar 1707 discovery spyware stealer vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20220812-en

vidar 1707 discovery spyware stealer vmprotect

windows7-x64

14 signatures

300 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20221111-en

vidar 1707 discovery spyware stealer vmprotect

windows10-2004-x64

10 signatures

300 seconds

Malware Config

Extracted

Family

vidar

Version

55.9

Botnet

1707

C2

https://t.me/headshotsonly

https://steamcommunity.com/profiles/76561199436777531

Attributes

profile_id
1707

Targets

- Target
  
  Setup.exe
- Size
  
  402MB
- MD5
  
  19e277683daaedb4b3942d3319d31e63
- SHA1
  
  c824286280d18372edbc5940aedea542b1eb0cd1
- SHA256
  
  b66d3f7fc15dce8aca5a8489ddb7135b2a49fc2e39653ae9ac8ac4f6ea815412
- SHA512
  
  1568fcaf5a822634b2b8b1acf5d91f6b6e7288f2c8abb240211e071825449d987bb9ac4ef4f6ff78fa7dcf8e0860b1157e17a6f4929bb46a340dabe73c55eb73
- SSDEEP
  
  98304:9I7ZAIHZKVhDVETi5MhW4BKqhd4PHWOI8qLukblj4LmyvdYqG11:90AYYVi5hkHatLukbt43v6qG
Score

10^/10

vidar 1707 discovery spyware stealer vmprotect
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1707discoveryspywarestealervmprotect

behavioral2

vidar1707discoveryspywarestealervmprotect

© 2018-2023

Terms | Privacy