vidar | c7527552e464aaa5542ae881af3f226267d6821a842686d90727c092c7dd8053 | Triage

Submit
Reports

Overview

overview

Static

static

c7527552e4...53.exe

windows7-x64

c7527552e4...53.exe

windows10-2004-x64

Sharing

General

Target

c7527552e464aaa5542ae881af3f226267d6821a842686d90727c092c7dd8053.bin
Size

428KB
Sample

230125-nbtbfahd81
MD5

51c7bf8f21a041942f3f307d5667ec1b
SHA1

8bb72efd6a0ce17720e75e7c8e39698deaf0c4b8
SHA256

c7527552e464aaa5542ae881af3f226267d6821a842686d90727c092c7dd8053
SHA512

91ac2036b8a89ff901d6fd1de301b7709a0af82ce40a09599df60141e7114b6275e40be6126bfe14f8dc8d1fac6fa2e6d6b514619dac7552b3c57e31d6e12ec8
SSDEEP

6144:piEsLX1A5bOi8qvU7xZa8V50taXV6x6pvYk0E32P61hJFIJfVAVrwU+:0972brjv6c8VbfpvYJE32P6PHgtyQ

Score

10^/10

vidar 24 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

c7527552e464aaa5542ae881af3f226267d6821a842686d90727c092c7dd8053.exe

Resource

win7-20221111-en

vidar 24 stealer

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

c7527552e464aaa5542ae881af3f226267d6821a842686d90727c092c7dd8053.exe

Resource

win10v2004-20220812-en

vidar 24 discovery spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

1.6

Botnet

24

C2

https://t.me/ibommat

https://steamcommunity.com/profiles/76561199446766594

Attributes

profile_id
24

Targets

- Target
  
  c7527552e464aaa5542ae881af3f226267d6821a842686d90727c092c7dd8053.bin
- Size
  
  428KB
- MD5
  
  51c7bf8f21a041942f3f307d5667ec1b
- SHA1
  
  8bb72efd6a0ce17720e75e7c8e39698deaf0c4b8
- SHA256
  
  c7527552e464aaa5542ae881af3f226267d6821a842686d90727c092c7dd8053
- SHA512
  
  91ac2036b8a89ff901d6fd1de301b7709a0af82ce40a09599df60141e7114b6275e40be6126bfe14f8dc8d1fac6fa2e6d6b514619dac7552b3c57e31d6e12ec8
- SSDEEP
  
  6144:piEsLX1A5bOi8qvU7xZa8V50taXV6x6pvYk0E32P61hJFIJfVAVrwU+:0972brjv6c8VbfpvYJE32P6PHgtyQ
Score

10^/10

vidar 24 stealer discovery spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

vidar24discoveryspywarestealer

© 2018-2024

Terms | Privacy