Overview

overview

10

Static

static

Filmora2022.exe

windows7-x64

10

Filmora2022.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Filmora2022.exe

  • Size

    2.3MB

  • Sample

    230201-rgpf8aaa28

  • MD5

    165565e5544c5b2912fbb7527c10c89f

  • SHA1

    5c94ff6c3c6b5e371ce790856eee98ac0fc8b88a

  • SHA256

    0278ba554a2930ea59fbe679e07224c2a97362becda8c5c422f3c775dbc53a3a

  • SHA512

    5775096c4a14b60a503678cce7c8700c7d58b4ade2e3d9338085b70f7c6440190f7df133f11098edfd9faac9f89129d362a059c63b795331866f4a77d0224890

  • SSDEEP

    24576:JP2Nr/ox3EmOgBRWoIy1MIWHOq8aDCc5Orzb06Y51fdJFP9XJ2VyGbYJc6IU2rew:JP2NDox3nLMIOOq8aOr

Score
10/10
vidar408evasionspywarestealertrojan

Malware Config

Extracted

Family

vidar

Version

2.2

Botnet

408

C2

https://t.me/litlebey

https://steamcommunity.com/profiles/76561199472399815
Attributes
  • profile_id

    408

Targets

    • Target

      Filmora2022.exe

    • Size

      2.3MB

    • MD5

      165565e5544c5b2912fbb7527c10c89f

    • SHA1

      5c94ff6c3c6b5e371ce790856eee98ac0fc8b88a

    • SHA256

      0278ba554a2930ea59fbe679e07224c2a97362becda8c5c422f3c775dbc53a3a

    • SHA512

      5775096c4a14b60a503678cce7c8700c7d58b4ade2e3d9338085b70f7c6440190f7df133f11098edfd9faac9f89129d362a059c63b795331866f4a77d0224890

    • SSDEEP

      24576:JP2Nr/ox3EmOgBRWoIy1MIWHOq8aDCc5Orzb06Y51fdJFP9XJ2VyGbYJc6IU2rew:JP2NDox3nLMIOOq8aOr

    Score
    10/10
    vidar408evasionstealertrojanspyware

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

3
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

3
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks