General

  • Target: lexi-main.zip
  • Size: 1.4MB
  • Sample: 230104-zf6m4shf62
  • MD5: 3cc86fabab56d2586123b6987e3fda77
  • SHA1: f8c9dc49a7697cdffa2fede526af99be1f355eaf
  • SHA256: 627a4b4c4b74f987b4d9438b90a9f064fdc8f1b9b2f1e108fed555cad1ba795a
  • SHA512: 43fe08d826db9048cc5c1b88e83af3bdf1e7d57aaefd7668b58cea5905a2837439cabec01d310ba0ee89d8969b0dc20504f353c66c9fc8ef898e06ca757bffc4
  • SSDEEP: 24576:5UIEaUEq8VQBFv65Mthr1Zy7uKJkD3Tm6BAbd5nRqgPNb0oKGwb9qrYiQz:hlVQBFC6hrLy73c3Tm6BAR5nQoN3KTbV

Malware Config

Extracted

  • Family: vidar
  • Version: 1.8
  • Botnet: 713
  • C2:
    https://t.me/year2023start
    https://steamcommunity.com/profiles/76561199467421923

Attributes

  • profile_id: 713

Targets

    • Target: setup.exe
    • Size: 687.1MB
    • MD5: 9d0258317b5a7ae904e5aeae555c0d2c
    • SHA1: 0ff16422c69a3fbe940240f045cdf92f721f6812
    • SHA256: 7a3579661b4a78ef73563662fed3193d6277e124562b6bff4c65130948668ed5
    • SHA512: a0fc9ee65e2af5615a6b7d395892ece497ecddc3c76aae80b5a0a1339c195a70db5e90cbda8bf2085b17666ca090bfff43318d97c06a9614663c9f3cea715c7c
    • SSDEEP: 12288:vCrqs5Gqd60s/HB2y0MKGqDqrNT8w5wREicnFBgudACq5:vDUxw2kqkTOudAD

    • Vidar: Vidar is an infostealer based on Arkei stealer.
    • Loads dropped DLL
    • Uses the VBS compiler for execution
    • Accesses 2FA software files, possible credential harvesting
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks