Overview

overview

10

Static

static

9bf97d34d8...3b.exe

windows7-x64

10

9bf97d34d8...3b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e054878cfc0b894fc143dd29fe25850d.bin

  • Size

    258KB

  • Sample

    230117-jxeyqage7w

  • MD5

    bf3c14ac862782574aa9e8c9b09a8816

  • SHA1

    4a80d7ffc6dccd43ebee9add05ee5d0a53a01344

  • SHA256

    2323da5725c3479513566747603769c50b5ca130d38fad3015d62e7fac28b7e2

  • SHA512

    ce0756e99fed99e5c65be88d1932e770feeaf9d6b11f3c144d7f293260897eca9f197ff19d88d25632354e18c5c72255610bd99ae003d5e53129f33a0a4baebd

  • SSDEEP

    6144:kAFwD3tmwNjiGxKd9ZcwlHiBogstVirCdBSCgY8Av4:kAFo3tmqzsMwtZiUBSin4

Score
10/10
vidar24discoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

1.6

Botnet

24

C2

https://t.me/ibommat

https://steamcommunity.com/profiles/76561199446766594
Attributes
  • profile_id

    24

Targets

    • Target

      9bf97d34d8dad642255381440c4331ee412be29d6ac7571e601ed36fc67cd43b.exe

    • Size

      341KB

    • MD5

      e054878cfc0b894fc143dd29fe25850d

    • SHA1

      d92379413c28cced4c2933193409a227e1b3692f

    • SHA256

      9bf97d34d8dad642255381440c4331ee412be29d6ac7571e601ed36fc67cd43b

    • SHA512

      f3a5550fa1b05fed077a8ed38b8f65d7d956a7f4dd3352ad433787340d53028361ffc7034157b192c30facc5173fe25627670a1d71a49c21113ea82fa85c3777

    • SSDEEP

      6144:PLLem0+YpmC90kOvzUQPhkEthsZiJlukYxaMyf:PXemtYpmC90n1h1tu0luk/hf

    Score
    10/10
    vidar24stealerdiscoveryspyware

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks