Overview

overview

10

Static

static

e7c48cfe74...a3.exe

windows7-x64

10

e7c48cfe74...a3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e7c48cfe74cdb8db5a0f76a270dd9af538d309f3fe697db1091896e5647003a3.bin

  • Size

    359KB

  • Sample

    230125-nb8q5ahd9s

  • MD5

    7b05eb43920606053128de152e4efd49

  • SHA1

    985543ba3d60aaed5f530f50025505a447154552

  • SHA256

    e7c48cfe74cdb8db5a0f76a270dd9af538d309f3fe697db1091896e5647003a3

  • SHA512

    6df9e3ae57a3a5e12b1319b6138a74eb1c45a2f1956b1cdf28eafae0108cbeff6207bad9108fa67ae0d9dc9094b230ca6c9818b94154140b42542ac43ee0e435

  • SSDEEP

    6144:WLhBi/a1r13C4XJQZB6y1ieE9Pa/DX8QXvvlrExeeNOPukyFpjcK:W1BiCP3ZXJsBbEeE0gevvlrRes2lpjcK

Score
10/10
vidar14discoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

1.5

Botnet

14

C2

https://t.me/dahuasecurit

https://steamcommunity.com/profiles/76561199441999914
Attributes
  • profile_id

    14

Targets

    • Target

      e7c48cfe74cdb8db5a0f76a270dd9af538d309f3fe697db1091896e5647003a3.bin

    • Size

      359KB

    • MD5

      7b05eb43920606053128de152e4efd49

    • SHA1

      985543ba3d60aaed5f530f50025505a447154552

    • SHA256

      e7c48cfe74cdb8db5a0f76a270dd9af538d309f3fe697db1091896e5647003a3

    • SHA512

      6df9e3ae57a3a5e12b1319b6138a74eb1c45a2f1956b1cdf28eafae0108cbeff6207bad9108fa67ae0d9dc9094b230ca6c9818b94154140b42542ac43ee0e435

    • SSDEEP

      6144:WLhBi/a1r13C4XJQZB6y1ieE9Pa/DX8QXvvlrExeeNOPukyFpjcK:W1BiCP3ZXJsBbEeE0gevvlrRes2lpjcK

    Score
    10/10
    vidar14stealerdiscoveryspyware

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks