vidar | 22bb6a288e7d0f7da2f0f210619c8da124890f3c6d04b8ed86c07bc655a9b18e | Triage

Submit
Reports

Overview

overview

Static

static

1

Voicemod crack.exe

windows7-x64

Voicemod crack.exe

windows10-2004-x64

Resubmissions

04-02-2023 17:26

230204-vzyz6ahc5s 10

Sharing

General

Target

Voicemod crack.exe
Size

761.7MB
Sample

230204-vzyz6ahc5s
MD5

05242383b19c459e4ac2d76f823a6602
SHA1

12d531a3a39bf0571051e88410707216b72924bf
SHA256

22bb6a288e7d0f7da2f0f210619c8da124890f3c6d04b8ed86c07bc655a9b18e
SHA512

85444aba6dc8cbf2b9f7344c8b684ba6e16cd2aa1bf05746e279c73b4025673a7374b6f5b24662c92d401aeab76c9fe8b7b1fc26740f032c1ce863305390bde0
SSDEEP

6144:c9pdgQXdMITwYr19KY2oSQ7e8b5Y+3d0LPSYlhZGfq82weM9xKUagjZbafgUB3XK:c9pdgSxr19K/H18HdpYbcfpFKSwguq

Score

10^/10

vidar 408 spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

Voicemod crack.exe

Resource

win7-20221111-en

vidar 408 spyware stealer upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

Voicemod crack.exe

Resource

win10v2004-20221111-en

vidar 408 spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

2.3

Botnet

408

C2

https://t.me/mantarlars

https://steamcommunity.com/profiles/76561199474840123

Attributes

profile_id
408

Targets

- Target
  
  Voicemod crack.exe
- Size
  
  761.7MB
- MD5
  
  05242383b19c459e4ac2d76f823a6602
- SHA1
  
  12d531a3a39bf0571051e88410707216b72924bf
- SHA256
  
  22bb6a288e7d0f7da2f0f210619c8da124890f3c6d04b8ed86c07bc655a9b18e
- SHA512
  
  85444aba6dc8cbf2b9f7344c8b684ba6e16cd2aa1bf05746e279c73b4025673a7374b6f5b24662c92d401aeab76c9fe8b7b1fc26740f032c1ce863305390bde0
- SSDEEP
  
  6144:c9pdgQXdMITwYr19KY2oSQ7e8b5Y+3d0LPSYlhZGfq82weM9xKUagjZbafgUB3XK:c9pdgSxr19K/H18HdpYbcfpFKSwguq
Score

10^/10

vidar 408 spyware stealer upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408spywarestealerupx

behavioral2

vidar408spywarestealer

© 2018-2024

Terms | Privacy