Overview

overview

10

Static

static

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    845KB

  • Sample

    230106-tdqk8ahb35

  • MD5

    11a986644f64289754c4d13a6a756872

  • SHA1

    6a2f283e249e9e8722ae8fdbee884f679d722b07

  • SHA256

    901c8836ce8ba319cd5239caab6356592a9d096af3f1f6c82e8134ae0ca19c3d

  • SHA512

    ad018bfa822bdfc3ffcdf1c5bc970d912094810c8d42aae1cba13eccfe79c4c870df748b1c0ef7dddd7666de1793318c52b54cfa07170862172d685a96a5c244

  • SSDEEP

    12288:YbI/ZRBN+vFNncEBo0W77qyrPUMpguW/pP:YbMBNONnBo02NsuW/9

Score
10/10
vidar1672stealer

Malware Config

Extracted

Family

vidar

Version

54.6

Botnet

1672

C2

https://t.me/huobiinside

https://mas.to/@kyriazhs1975
Attributes
  • profile_id

    1672

Targets

    • Target

      tmp

    • Size

      845KB

    • MD5

      11a986644f64289754c4d13a6a756872

    • SHA1

      6a2f283e249e9e8722ae8fdbee884f679d722b07

    • SHA256

      901c8836ce8ba319cd5239caab6356592a9d096af3f1f6c82e8134ae0ca19c3d

    • SHA512

      ad018bfa822bdfc3ffcdf1c5bc970d912094810c8d42aae1cba13eccfe79c4c870df748b1c0ef7dddd7666de1793318c52b54cfa07170862172d685a96a5c244

    • SSDEEP

      12288:YbI/ZRBN+vFNncEBo0W77qyrPUMpguW/pP:YbMBNONnBo02NsuW/9

    Score
    10/10
    vidar1672stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks