vidar | 3a87f4c5773d261302d59628ecd88ef4de554c5d8ff90bdc0876c2d780779ddf | Triage

Submit
Reports

Overview

overview

Static

static

1

Filmora2023.exe

windows7-x64

Filmora2023.exe

windows10-2004-x64

Sharing

General

Target

Filmora2023.exe
Size

761.7MB
Sample

230205-c7sh8sbc4v
MD5

e9b86872f7ccb57f84737364128b7cc9
SHA1

cc4edb90af92ae6b3e3122e6c3f35ed8f2b6d895
SHA256

3a87f4c5773d261302d59628ecd88ef4de554c5d8ff90bdc0876c2d780779ddf
SHA512

863e31eed9e359b89d121d5730a1350c37c757d1e3ae3f1fdfcc2d67a56eb6c5a19610a6234025530376f22c2a5c4f7d8bb329f276f95f753a2c15a46379e393
SSDEEP

12288:Dudb7OgMxQ0Q2hxPSmIcqMvqYUtirJuD1mK3h1fNQ:S9n70Q2hZSmIcq6qjTb3/NQ

Score

10^/10

vidar 408 spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

Filmora2023.exe

Resource

win7-20221111-en

vidar 408 spyware stealer upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Filmora2023.exe

Resource

win10v2004-20221111-en

vidar 408 spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

2.3

Botnet

408

C2

https://t.me/mantarlars

https://steamcommunity.com/profiles/76561199474840123

Attributes

profile_id
408

Targets

- Target
  
  Filmora2023.exe
- Size
  
  761.7MB
- MD5
  
  e9b86872f7ccb57f84737364128b7cc9
- SHA1
  
  cc4edb90af92ae6b3e3122e6c3f35ed8f2b6d895
- SHA256
  
  3a87f4c5773d261302d59628ecd88ef4de554c5d8ff90bdc0876c2d780779ddf
- SHA512
  
  863e31eed9e359b89d121d5730a1350c37c757d1e3ae3f1fdfcc2d67a56eb6c5a19610a6234025530376f22c2a5c4f7d8bb329f276f95f753a2c15a46379e393
- SSDEEP
  
  12288:Dudb7OgMxQ0Q2hxPSmIcqMvqYUtirJuD1mK3h1fNQ:S9n70Q2hZSmIcq6qjTb3/NQ
Score

10^/10

vidar 408 spyware stealer upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408spywarestealerupx

behavioral2

vidar408spywarestealer

© 2018-2024

Terms | Privacy