Overview

overview

10

Static

static

67d6236968...9d.exe

windows7-x64

10

67d6236968...9d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    67d623696828f77a0c7b9c81960709579c7b95f4c26d569b420ab05bbdf0049d.bin

  • Size

    528KB

  • Sample

    230125-nbp9safg89

  • MD5

    9105e24109392b36a6551e7fcd752973

  • SHA1

    56bc844aa457de6b450cf08c427d534e7331572f

  • SHA256

    67d623696828f77a0c7b9c81960709579c7b95f4c26d569b420ab05bbdf0049d

  • SHA512

    cd1682f425b1529d2ac95ace0f2bc13dc89e828f28d4c2b4d0599332c8c25648e3d700156a68cc197e222fc4d717b713826f4a36d1346bbf6c2d35e188c8890f

  • SSDEEP

    12288:0TvwH50cBHpdEfEOYeGB5L+8wpMTB6xW1ZJ8/FcHxSn:ZyIHy8eGfL+zwfG/FwO

Score
10/10
vidar821stealer

Malware Config

Extracted

Family

vidar

Version

1.9

Botnet

821

C2

https://t.me/travelticketshop

https://steamcommunity.com/profiles/76561199469016299
Attributes
  • profile_id

    821

Targets

    • Target

      67d623696828f77a0c7b9c81960709579c7b95f4c26d569b420ab05bbdf0049d.bin

    • Size

      528KB

    • MD5

      9105e24109392b36a6551e7fcd752973

    • SHA1

      56bc844aa457de6b450cf08c427d534e7331572f

    • SHA256

      67d623696828f77a0c7b9c81960709579c7b95f4c26d569b420ab05bbdf0049d

    • SHA512

      cd1682f425b1529d2ac95ace0f2bc13dc89e828f28d4c2b4d0599332c8c25648e3d700156a68cc197e222fc4d717b713826f4a36d1346bbf6c2d35e188c8890f

    • SSDEEP

      12288:0TvwH50cBHpdEfEOYeGB5L+8wpMTB6xW1ZJ8/FcHxSn:ZyIHy8eGfL+zwfG/FwO

    Score
    10/10
    vidar821stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks