General

  • Target

    Route Maps.zip

  • Size

    6.1MB

  • Sample

    230203-pnh7nsfb89

  • MD5

    9245447c65bdd357f879d8c3a6502730

  • SHA1

    6f504fd8e119cfca2bfd5eefb62973de5b621c83

  • SHA256

    74b294b1269b2db683cd270db19655e4f47c41c6a6b17fc2dfc339b50470a74c

  • SHA512

    8fd65777c9dc57f43064c5a0268da9a5aa55296cafa6afdabc73b28d2c93897a91f5dd7df0a290f1c49d227a6875955c83621d9e1ed18109ddace69145548285

  • SSDEEP

    98304:YGkdUXAnIiE+M8PlgffigxaXDeijT6CyJPV8Ysdu26wF:YYXAnIBolgf5cjTrypVNUHRF

Malware Config

Extracted

Family

vidar

Version

2.3

Botnet

875

C2

https://t.me/mantarlars

https://steamcommunity.com/profiles/76561199474840123

Attributes
  • profile_id

    875

Extracted

Family

vidar

Version

2.2

Botnet

875

C2

https://t.me/litlebey

https://steamcommunity.com/profiles/76561199472399815

Attributes
  • profile_id

    875

Targets

    • Target

      Route Map.exe

    • Size

      278.8MB

    • MD5

      b3523d1a617ded5594858dbc74f7cbc4

    • SHA1

      35a4b9a4927dfbe688bfcd8a0d807557c814e458

    • SHA256

      2105a6fd262064e57bedafa4d06f04d357c3e936eb652be4ca48a80b576f03be

    • SHA512

      2c18c5a4988b28a68956c283a73df2d6d8cf5e65ba62c754c1962f78184953f2fa528bf8b152b5fa9c81eb9ef8b228856f49810d56bc22553d3f05c3b5c649c0

    • SSDEEP

      12288:3WYQZ4ULu/zsA6/krtVZsFgC5+WCEfHQci/S:hQ8L16srt/WgpnIwc8

    • Vidar

      Vidar is an infostealer based on Arkei stealer. The URLs listed under C2 above are Telegram channel and Steam Community profile pages, not the final command-and-control host: Vidar fetches the page at runtime and reads the real C2 address out of the channel description or profile name (a dead-drop resolver), so the profile pages and whatever address they currently resolve to should both be blocked and logged.

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

    • Target

      Route Maps.exe

    • Size

      739.0MB

    • MD5

      8f0688799099cf910ab2682a05157353

    • SHA1

      8f55bcaac0aea34e846116e0f0ec37ebee9a8850

    • SHA256

      84bfaeb9b8dd2dc8b5828c44d9fe482892148911784f7ba04731fca73b7d7b93

    • SHA512

      e5760d0b160a0da822ffe33274ad7d31c40c3e8a0a949c50556129626691b218658fde067fb567bbe839fa99dc81a3da46dc5d3deb97bc713387660678a586a5

    • SSDEEP

      12288:rh4BoLish2RPws9dfVTaqd74vWgleSrMYFsUYp:GBoOOwwsAvdVrMYap

    • Score

      10/10
    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Suspicious use of SetThreadContext
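The sizes in this report are worth a second look: the archive is 6.1MB, yet it unpacks to executables of 278.8MB and 739.0MB. A compression ratio that steep only happens when most of the file is repetitive filler, and stealer builds are commonly inflated with a large zero-filled overlay so that the binary exceeds the upload limits of sandboxes and AV scanners. The script below is an added example (it is not part of the sandbox report and is not Vidar code): it parses the PE section table to find where the last section ends, measures the trailing overlay and how much of it is zero bytes, and computes the same four hashes the report lists. The minimal PE it builds is constructed here for demonstration, and the thresholds in `looks_inflated` are assumptions you would tune to your environment.

```python
"""Detect zero-padded (inflated) PE files by measuring the overlay past the
last section, and compute the report's hash set for a file.

Added example, not from the sandbox report.  The sample PE built by
build_padded_pe() is constructed for the demo and is not the Vidar binary.
"""
import hashlib
import struct


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of the bytes, as listed in the report."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def pe_overlay_stats(data: bytes) -> dict:
    """Walk the DOS header, COFF header and section table (no pefile
    dependency) and report how much of the file lies past the last section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    sect_table = coff + 20 + opt_size
    end_of_sections = sect_table + num_sections * 40  # at least the headers
    for i in range(num_sections):
        off = sect_table + i * 40
        # Section header: Name(8) VirtualSize(4) VirtualAddress(4)
        # SizeOfRawData(4) PointerToRawData(4) ...
        size_raw, ptr_raw = struct.unpack_from("<II", data, off + 16)
        end_of_sections = max(end_of_sections, ptr_raw + size_raw)
    overlay = data[end_of_sections:]
    zero_frac = overlay.count(0) / len(overlay) if overlay else 0.0
    return {
        "file_size": len(data),
        "end_of_sections": end_of_sections,
        "overlay_size": len(overlay),
        "overlay_zero_fraction": zero_frac,
    }


def looks_inflated(stats: dict, min_overlay_bytes: int = 50 * 1024 * 1024,
                   min_zero_fraction: float = 0.9) -> bool:
    """Heuristic (assumed thresholds): a large overlay that is almost all
    zero bytes is the padding pattern behind the report's 278.8MB/739.0MB EXEs."""
    return (stats["overlay_size"] >= min_overlay_bytes
            and stats["overlay_zero_fraction"] >= min_zero_fraction)


def build_padded_pe(section_bytes: bytes, pad_len: int) -> bytes:
    """Constructed minimal PE: DOS stub, COFF header with no optional header,
    one .text section, then pad_len zero bytes of overlay."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    ptr_raw = e_lfanew + 4 + 20 + 40  # section data starts right after the headers
    sect = (b".text\0\0\0"
            + struct.pack("<IIII", len(section_bytes), 0x1000, len(section_bytes), ptr_raw)
            + struct.pack("<IIHHI", 0, 0, 0, 0, 0x60000020))
    return dos + b"PE\0\0" + coff + sect + section_bytes + b"\0" * pad_len


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:
        blob = build_padded_pe(b"\xcc" * 64, 1000)  # constructed demo input
    stats = pe_overlay_stats(blob)
    print(file_hashes(blob))
    print(stats, "inflated:", looks_inflated(stats, min_overlay_bytes=512))
```

Run it against an unpacked sample with `python inflate_check.py "Route Maps.exe"`; the `sha256` it prints should equal the value in the report, and a very large overlay that is nearly all zeros is the padding signature. Stripping that overlay before re-hashing gives a much smaller artifact that can be submitted to scanners with upload limits, but note that the hash of the stripped file will no longer match the IOCs above.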

MITRE ATT&CK Enterprise v6

Tasks