vidar | d03368ee0a48405588951849dcc327040617e3195ba1fbb177baaa52f8566003 | Triage

Submit
Reports

Overview

overview

Static

static

8

build.exe

windows10-1703-x64

build.exe

windows7-x64

build.exe

windows10-2004-x64

out.exe

windows10-1703-x64

3

out.exe

windows7-x64

3

out.exe

windows10-2004-x64

3

Sharing

General

Target

build.exe
Size

457KB
Sample

230129-ts9yeaeh4v
MD5

af635f9cdc7fd597efb7d9d3c66f6149
SHA1

848b13affeef2432c354ec09e6d92bd5b3eaa902
SHA256

d03368ee0a48405588951849dcc327040617e3195ba1fbb177baaa52f8566003
SHA512

b6980b0aa70163e517c2049fefecc7bdf2efe55502098a6d37ac4c8e2c05937fab12d76b66f6f3c5d56a10599a2861a62e41432a3c217f37e4c8f74e2ab44d24
SSDEEP

12288:dxvmnJmVcrzn7/z9RSu8CQ/S1/HLxS3LiD8GA:DOAen77pme/HLxSbigF

Score

10^/10

vidar 399 spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

build.exe

Resource

win10-20220901-es

vidar 399 spyware stealer upx

windows10-1703-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

build.exe

Resource

win7-20220812-es

vidar 399 spyware stealer upx

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral3

Sample

build.exe

Resource

win10v2004-20220812-es

vidar 399 spyware stealer upx

windows10-2004-x64

9 signatures

300 seconds

Behavioral task

behavioral4

Sample

out.exe

Resource

win10-20220901-es

windows10-1703-x64

1 signatures

300 seconds

Behavioral task

behavioral5

Sample

out.exe

Resource

win7-20220812-es

windows7-x64

2 signatures

300 seconds

Behavioral task

behavioral6

Sample

out.exe

Resource

win10v2004-20221111-es

windows10-2004-x64

1 signatures

300 seconds

Malware Config

Extracted

Family

vidar

Version

34.7

Botnet

399

C2

http://reliabledc.com/

Attributes

profile_id
399

Targets

- Target
  
  build.exe
- Size
  
  457KB
- MD5
  
  af635f9cdc7fd597efb7d9d3c66f6149
- SHA1
  
  848b13affeef2432c354ec09e6d92bd5b3eaa902
- SHA256
  
  d03368ee0a48405588951849dcc327040617e3195ba1fbb177baaa52f8566003
- SHA512
  
  b6980b0aa70163e517c2049fefecc7bdf2efe55502098a6d37ac4c8e2c05937fab12d76b66f6f3c5d56a10599a2861a62e41432a3c217f37e4c8f74e2ab44d24
- SSDEEP
  
  12288:dxvmnJmVcrzn7/z9RSu8CQ/S1/HLxS3LiD8GA:DOAen77pme/HLxSbigF
Score

10^/10

vidar 399 spyware stealer upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3
- Target
  
  out.upx
- Size
  
  889KB
- MD5
  
  65c0cb29de2242f1291bed56c8c5cff0
- SHA1
  
  3ba1d244e986f95eaf2c2a9b19fd6e00581dcbc6
- SHA256
  
  c88a384b4ec9582d9b844e446b2ff5993f3459e3426b0bef9a2fbcc4e5c56a8f
- SHA512
  
  3444d480454603a8b3a98dd8d0603a042c27f022d42e047a2934e8235b7bd858ca6b20c4221959748a5f44904c5df5ac2c9011e868366b5ec509ae0f55e69585
- SSDEEP
  
  12288:4BI5w41fURofJH4XHX++xfmEeT6i+nCK:46z18OiO+hm36D
Score

3^/10
behavioral4 behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar399spywarestealerupx

behavioral2

vidar399spywarestealerupx

behavioral3

vidar399spywarestealerupx

behavioral4

behavioral5

behavioral6

© 2018-2024

Terms | Privacy