General

  • Target

    file.exe

  • Size

    349KB

  • Sample

    221230-k6rjjsae9y

  • MD5

    cb0e1b3bfe4f672cb494cad8b017b441

  • SHA1

    9677a1d40070b7f407a1a4cd97976fa2ded3d384

  • SHA256

    0a122d60198f5a0c405cc4d16647fcd302301aaa56109c00009907a6876e205d

  • SHA512

    58d79347f4a11bb98008428c4d2fd282f64dc63941eb83bb47ef835668f3d22999c30f928df8ab3af3ba3895d120c6d3d871b2f2c207813cbc6638559ebc42ee

  • SSDEEP

    6144:gL9pUAgYTMJ9H+2fC21QNQ18MNRfP3CygplnFFSzfQjJcD9wyo5oyx3E5:gnUAbAtsN3MNdGlncfQlcDCd

Malware Config

Extracted

Family

vidar

Version

1.7

Botnet

24

C2

https://t.me/robloxblackl

https://steamcommunity.com/profiles/76561199458928097

Attributes
  • profile_id

    24
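The two C2 entries above are not attacker-controlled hosts but pages on Telegram and Steam that Vidar reads at run time to learn its real C2 address (a dead-drop resolver, ATT&CK T1102.001). That matters for detection: blocking t.me or steamcommunity.com is not an option, so the indicator has to be the host plus the exact path. The following is an added example of how to classify a config's C2 list and derive such path-level indicators; it is not part of the sandbox report or of Vidar itself. The host-to-platform mapping, the `classify_c2` and `suricata_rule` helpers and the rule SIDs are this example's own assumptions.

```python
"""Classify extracted C2 entries as dead-drop resolvers and emit path-level indicators."""
from urllib.parse import urlparse

# Assumption: legitimate platforms Vidar is known to abuse as dead drops (example's own mapping).
DEAD_DROP_HOSTS = {
    "t.me": "telegram",
    "steamcommunity.com": "steam",
}


def classify_c2(url: str) -> dict:
    """Return kind ('dead_drop' or 'direct'), platform, identifier and a host+path indicator."""
    p = urlparse(url)
    host = p.netloc.lower()
    parts = [s for s in p.path.split("/") if s]
    platform = DEAD_DROP_HOSTS.get(host)
    result = {"url": url, "kind": "direct", "platform": None, "identifier": None,
              "host": host, "path": p.path or "/"}
    if platform == "telegram" and parts:
        # Telegram public channel: https://t.me/<channel>
        result.update(kind="dead_drop", platform=platform, identifier=parts[0],
                      path="/" + parts[0])
    elif platform == "steam" and len(parts) >= 2 and parts[0] == "profiles":
        # Steam profile by SteamID64: https://steamcommunity.com/profiles/<id64>
        result.update(kind="dead_drop", platform=platform, identifier=parts[1],
                      path="/profiles/" + parts[1])
    return result


def suricata_rule(entry: dict, sid: int) -> str:
    """Build a host+URI match; for direct C2 the host alone is enough (assumed rule layout)."""
    body = [f'msg:"Vidar {entry["kind"]} resolver {entry["identifier"] or entry["host"]}"',
            "flow:established,to_server", "http.host",
            f'content:"{entry["host"]}"']
    if entry["kind"] == "dead_drop":
        body += ["http.uri", f'content:"{entry["path"]}"']
    body += [f"sid:{sid}", "rev:1"]
    return "alert http $HOME_NET any -> $EXTERNAL_NET any (" + "; ".join(body) + ";)"


def rules_for_config(c2_urls, base_sid=1000001):
    return [suricata_rule(classify_c2(u), base_sid + i) for i, u in enumerate(c2_urls)]


if __name__ == "__main__":
    for rule in rules_for_config(["https://t.me/robloxblackl",
                                  "https://steamcommunity.com/profiles/76561199458928097"]):
        print(rule)
```

Because the dead-drop pages are fetched over TLS, the URI match only fires where a proxy terminates TLS; without one, the host match alone is too noisy and the resolver should instead be hunted for by correlating the request with the process that made it.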

Targets

    • Target

      file.exe


    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
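The signatures above are each a pattern over registry and file activity, and the same patterns can be re-applied to a trace from your own sandbox or EDR to confirm that a detonation behaved like this sample. The following is an added example, not part of the report or of any sandbox's signature engine: it runs a small rule set over a constructed event list and returns which of the report's signatures fired. The event schema, the registry and file path patterns and the verdict threshold are this example's own assumptions chosen to approximate the behaviours the report describes.

```python
"""Re-derive the report's behavioural signatures from a (constructed) sandbox event trace."""
import re

# Constructed sample trace, modelled loosely on a Sysmon/procmon style log (not real data).
SAMPLE_EVENTS = [
    {"op": "RegQueryValue", "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "RegEnumKey", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"op": "ReadFile", "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"op": "ReadFile", "target": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"op": "ReadFile", "target": r"C:\Users\victim\AppData\Roaming\Authy Desktop\Local Storage\leveldb\000003.log"},
    {"op": "CreateProcess", "target": r"C:\Users\victim\AppData\Local\Temp\drop.exe"},
    {"op": "ReadFile", "target": r"C:\Windows\System32\kernel32.dll"},  # benign, must not match
]

# Signature name (as on the report) -> (operations of interest, path pattern).
# Assumption: these patterns are the example's own approximations of each behaviour.
SIGNATURES = {
    "Checks computer location settings": (
        {"RegQueryValue"},
        re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    "Checks installed software on the system": (
        {"RegOpenKey", "RegEnumKey", "RegQueryValue"},
        re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    "Reads user/profile data of web browsers": (
        {"ReadFile"},
        re.compile(r"\\(Login Data|Cookies|Web Data|places\.sqlite|logins\.json|key4\.db)$", re.I)),
    "Accesses cryptocurrency files/wallets": (
        {"ReadFile"},
        re.compile(r"(wallet\.dat|exodus\.wallet|\\Electrum\\wallets\\)", re.I)),
    "Accesses 2FA software files": (
        {"ReadFile"},
        re.compile(r"\\Authy Desktop\\", re.I)),
    "Executes dropped EXE": (
        {"CreateProcess"},
        re.compile(r"\\(AppData|Temp)\\.*\.exe$", re.I)),
}

CREDENTIAL_SIGS = {
    "Reads user/profile data of web browsers",
    "Accesses cryptocurrency files/wallets",
    "Accesses 2FA software files",
}


def match_signatures(events):
    """Map each signature name to the list of event targets that triggered it."""
    hits = {}
    for ev in events:
        for name, (ops, pattern) in SIGNATURES.items():
            if ev["op"] in ops and pattern.search(ev["target"]):
                hits.setdefault(name, []).append(ev["target"])
    return hits


def infostealer_verdict(hits, threshold=2):
    """Flag as stealer-like when at least `threshold` distinct credential-access signatures fire.
    Single hits are common in legitimate software (e.g. an updater enumerating Uninstall keys)."""
    return len(CREDENTIAL_SIGS & set(hits)) >= threshold


if __name__ == "__main__":
    fired = match_signatures(SAMPLE_EVENTS)
    for name, targets in fired.items():
        print(f"[+] {name}: {targets}")
    print("verdict:", "infostealer-like" if infostealer_verdict(fired) else "inconclusive")
```

The geofence and Uninstall-key lookups are deliberately kept out of the verdict: on their own they are also done by installers and telemetry agents, so they corroborate rather than decide.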

MITRE ATT&CK Enterprise v6

Tasks