Overview

overview

10

Static

static

CorelDraw.exe

windows7-x64

10

CorelDraw.exe

windows10-2004-x64

10

bin.dll

windows7-x64

1

bin.dll

windows10-2004-x64

1

file.dll

windows7-x64

1

file.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CorelDraw.rar

  • Size

    7.4MB

  • Sample

    230128-bnwwwadg26

  • MD5

    1aacaeb4606c24875d23093e446ca9d6

  • SHA1

    3cff7bd3c32cf1bba50961e762f584877e76f018

  • SHA256

    74e569e3180a48649308d1696598d47e2d4f799005f669bb6cbb71815695ef3e

  • SHA512

    9c744cc531e7e873b5d8963768d4f1f311defdfe8782fb85357498c041286322ee5b1aef3a02f5287cc2677a57e4fff60546c99856a5bf7984385a0092999c60

  • SSDEEP

    196608:QmhZYDSQxfJEAPrmIzi42DR4r2aXura3DhLe:NZYDSruaIzifR4r2aCuDxe

Score
10/10
vidar408evasionspywarestealertrojan

Malware Config

Extracted

Family

vidar

Version

2.2

Botnet

408

C2

https://t.me/litlebey

https://steamcommunity.com/profiles/76561199472399815
Attributes
  • profile_id

    408

Targets

    • Target

      CorelDraw.exe

    • Size

      761.7MB

    • MD5

      2d790e017dca09d3497e3fb7b597bf15

    • SHA1

      24c82259cca85078cf6cc865c8d3ee010f7ca20d

    • SHA256

      0e9c05d27daf16d65dc642939d8c99a4853da6abf314e6f6095676def1672a9a

    • SHA512

      3d50d41ca2fe69c15ceae8c8be760386e88c14b5cb8dee26fa0026a6a8047f72cb3b6e5436e21463480b0d9d67caf8486d969d79e567289113f89471292c1215

    • SSDEEP

      24576:RSZQda8QjZq75Hj9dF/HYSmMKjjBn2tjGVZB21WtSHjCP0/speVIuD9im0sXtrQA:g8EZqFpASKjj3e3nPdNHZ

    Score
    10/10
    vidar408evasionstealertrojanspyware

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      bin.dll

    • Size

      7KB

    • MD5

      d3b681d68824ea81f52c7d6b4a179da0

    • SHA1

      e944d64e8fb400d10f65dc0f1fc6c3ec01fbb16f

    • SHA256

      0985cefa256ac47b7298fb2f555c2087915b9682441487cd8171d5fe2c76c5db

    • SHA512

      78e6a4757e2cd851748fa7add9e1e9091b17979612c6a7c0989afcecde3076d5d9cf87d695baf7a86a205a338c83bc07013e0a8bf1673eb0a3b69493b8807011

    • SSDEEP

      6:qMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6:n

    Score
    1/10
    behavioral3behavioral4

    • Target

      file.dll

    • Size

      7KB

    • MD5

      d3b681d68824ea81f52c7d6b4a179da0

    • SHA1

      e944d64e8fb400d10f65dc0f1fc6c3ec01fbb16f

    • SHA256

      0985cefa256ac47b7298fb2f555c2087915b9682441487cd8171d5fe2c76c5db

    • SHA512

      78e6a4757e2cd851748fa7add9e1e9091b17979612c6a7c0989afcecde3076d5d9cf87d695baf7a86a205a338c83bc07013e0a8bf1673eb0a3b69493b8807011

    • SSDEEP

      6:qMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6:n

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

3
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

3
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks