vidar | 12a97140043e32e3a4f15bb9a17e16692d06c33cd56bb6d497ac6be2c5c02093 | Triage

Sharing

General

Target

Kaspersky Internet Security 21.3.10.391.rar
Size

7.8MB
Sample

230215-1axcxsec68
MD5

68ec8fe70d0a5aa0fe24ad80f6b7b1a9
SHA1

b7450a3dda89e9345bb03419d5ce8186d1434ecc
SHA256

12a97140043e32e3a4f15bb9a17e16692d06c33cd56bb6d497ac6be2c5c02093
SHA512

5abf719dee7ad931553178fecfaa1d2a18c30c49345b6875780ef7ba4b5a0c79be98ceaa666ae523642733157b158f6f5a57fe3e550e8fdc741dcaff4f45a4ab
SSDEEP

196608:bIYRUb6qSDXndysIwFWsAdNBpMMfDUoRZxf2ZMVAtegClVusDADi:bIYRDqGd/SBp3fVRZhUTa6EAG

Score

10^/10

vidar 408 spyware stealer upx

Malware Config

Extracted

Family

vidar

Version

2.5

Botnet

408

Attributes

profile_id
408

Targets

- Target
  
  Setup.exe
- Size
  
  761.7MB
- MD5
  
  ddcd572aa21f1a3d9d15459ada5211b7
- SHA1
  
  dc27ed639e0217a762dee91ce87e78dc90df6894
- SHA256
  
  8ec2c0ea0b7d5c37f660d008204d2ab0b9e16068c5170a1f47a00b1a976ae338
- SHA512
  
  ccba90ae230d133ba6a9c86ace2e7dea623a15334dd92dd4e0851f2e0450dcf19475b1714e67f0ba0026840168ff4861b8bfdd315fb9c5d8558a4f71467921f2
- SSDEEP
  
  6144:MUGCyZKR2xcdgN8BMStlQfAk/X0DfU/8utzIPrdWspxFoZDf820w7/6Fip6y/OMm:MUGCp7e82fZPMfq3tzWdvoZL92fMBg
Score

10^/10

vidar 408 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  dbghelp.dll
- Size
  
  1020KB
- MD5
  
  74edbb03de3291fcf2094af1fb363f1d
- SHA1
  
  16b5d948ed7843576781dc4f2a391607ac0120a4
- SHA256
  
  dca9f45efed8eab442b491aebda3e3cce7f5f9fc5de527d2dbdfd85a5be85dfa
- SHA512
  
  b08eb03c54f25979c5aee745530ecd51c5761eb99871b867ff84e14590b32ef3247e17cf63bf953ee1efcb0fda8c4540191b9280db33359fdca352967e42b289
- SSDEEP
  
  24576:YXm4cpDFYD2aC0jH5yrrXlpWrCSyZC0wLHr298TG00g8EAB4a:hpKD2aC0jH5yr7DWRyZlwH29vjDIa
Score

1^/10
behavioral3 behavioral4
- Target
  
  dll/DLL_AnalyzeGesturesInOne.dll
- Size
  
  61KB
- MD5
  
  06302fa1044ce5f410b4e50b45ee89d0
- SHA1
  
  cc6930123b6bf912f497d46f9e7916645422462a
- SHA256
  
  30ea045a8804aea07d4c10a1b65029459d45075033db71f91c5ddce9c35656f1
- SHA512
  
  105adebd3f237c0fd1d89fdd558fcf9093cd8f56bba31a64e68c32c4e94b3d65037ef690c5ce317cf192ceb688c68475a04ac744d9b1b6b94e8b194fed84d64e
- SSDEEP
  
  768:/M+87yTZDoZZlLQ2Gh+Ex252IcuEnbRwkW/GnTEDWqADvMMycB:/M+XSdQ2KLnFwAlD
Score

1^/10
behavioral5 behavioral6
- Target
  
  dll/DLL_AnalyzeGesturesInRight.dll
- Size
  
  62KB
- MD5
  
  03890a9faa8613f47ef0a1932f1a875d
- SHA1
  
  e8ec231284c43a93c94e8750cffa551a66d9c276
- SHA256
  
  52d5e0a454325462c724038311462bb499096b037560b657b8c02870b929473c
- SHA512
  
  ecac97cb27de0495a62701e5498a8c67886336b32d03be4c97a4c00083b443780871a5e101917b352c313a37118059f011eda880eaadcb686d9a9d3a4bece112
- SSDEEP
  
  768:2+p3H9Jxq7To3/khDOARbhMEBWZIcBEnbRwkXGnTED8kKdmRZADvwD1:2+JHePaARtJnFw3XkKdmR6
Score

1^/10
behavioral7 behavioral8
- Target
  
  dll/DLL_MouseDeviceManager.dll
- Size
  
  86KB
- MD5
  
  d9e11a2ab50b4ff6ad95eee5fed3eb48
- SHA1
  
  30e177daebe525f8e5d9da07c890a6e32fe5840f
- SHA256
  
  a48d804c0732591b4c891ac2a7b32d0d627602b950fec30143a5dafd5aee103b
- SHA512
  
  93a5977b6fb1ce8b59ccaa9307ea7271b98168b8269a2b21d41a6de2d7826934c1f2aa83a72940d4feca7e2277419d4916a5d3a248e7134d915f756d8926d140
- SSDEEP
  
  768:rpdSwYh8NE7UOBBV5pTWfIitVFSPl3naQhHNe6c/6+twjEniABlXS7Vr9EDbDznF:O5pFvoIib6H46cRnfBir0DzeVC/P0
Score

1^/10
behavioral10 behavioral9
- Target
  
  dll/DLL_MouseEventHook.dll
- Size
  
  33KB
- MD5
  
  ce1fa57e863ccdc8cfe9ae58e51198df
- SHA1
  
  4270ab5f9dc5cef1bca3238a67ad65cd79b5d67f
- SHA256
  
  b998518fe80b73d140d12e09a8bcc25e4c9e40e6623c6b86006693169b590a63
- SHA512
  
  705a87363f9efa38284923dcc699840afaa40a5355d7093358808a56bfada9d5a2882e7cd89dce74b1170cc9e6e88e7145e39fef5bfba9016e7f8d549a5decc4
- SSDEEP
  
  384:Jh2Vf22kXzFdga8Dhrq4ICms1+pKns8E+hw9lTd3+lnu6EDHplX1/NC3vynAXmk:65S0lqbCh1I38dh4x3GnTEDK3vynAB
Score

1^/10
behavioral11 behavioral12
- Target
  
  dll/DLL_PenSuit.dll
- Size
  
  65KB
- MD5
  
  1f7ffea4dd13500622f1c2f8fcd6d173
- SHA1
  
  0246bbdf6581a5b97b575c81e37780c864f5abb5
- SHA256
  
  20925e5fc22342eefd2ec58b81953117ba26e7fc0e076b87bcbf7c80dfb4a52a
- SHA512
  
  7a5894e2b9a11e06e0f1bf983bd96425354273b668ceb1d3a4cf746f453cc99a60529753eea829daafd6a9f299bda6854b618dc68ad5ef3d6de552d6b96c66e0
- SSDEEP
  
  768:clJPR+sL58FaojXvR4zShfcTpkHhq/6EnJ9BlM1ED9n9n68ORpvAW2KrER:YNosLesufSkE3n/BNoKWzr6
Score

1^/10
behavioral13 behavioral14
- Target
  
  dll/DLL_ScrollbarControl.dll
- Size
  
  53KB
- MD5
  
  16ab9bdacdd35134895b8681d25089c0
- SHA1
  
  2bbabe81aa0b3e1b6f0b3f44f47ea7c8666b1292
- SHA256
  
  b751e0a0c31f31847948003c094d2f0c6024501048ce87f2c2e9274e1a5cc0fc
- SHA512
  
  69e98f54abf147ba79a07fb18ed8e800ab72e09cd605ba84ea53de8ce9924a5bdbcb4d03d2c3b922b40ec773f90a8e9f90ded9630d824201cdb88d1667cea05b
- SSDEEP
  
  768:cbjeEDd77nO5UUo/ppKcahlluRhyMaYkk5f5UEDAneZNwBrDo4/d:cbjF7O5UUymXQvymkVeZNSoY
Score

1^/10
behavioral15 behavioral16
- Target
  
  dll/DLL_Wheel4D.dll
- Size
  
  115KB
- MD5
  
  9d1e44b28200d8c3f34d00250f97ed9b
- SHA1
  
  4488f95a4c1e8cef08824bcfdf04afaf0cceea5b
- SHA256
  
  6c2a2b0c2d005c4d1f434871b494c72d126ec8af17ed43d34f80e2249078affd
- SHA512
  
  eed9939a6ce8bd107532a274e1add62c1c015fd1301e10c02dfdd80e36db0e1d242939f6bfd7e05332421647ab8e002d201ae6917595c6cafc90c6d98d1f041b
- SSDEEP
  
  1536:27djNjAbZWVGqvaik8n/Bb7Zfsinw7RlkQD7L7LZRq:27djNtGYpb7Zfsingq
Score

1^/10
behavioral17 behavioral18
- Target
  
  dll/DLL_ZoomControl.dll
- Size
  
  83KB
- MD5
  
  ada979540911494c857a89ab110152ec
- SHA1
  
  4ab959096debead7241287d12dbe2ccc31effd19
- SHA256
  
  02e887718cc03263e594c09d12777926a45ca7e82a9d8d9c7b4e4177a107f042
- SHA512
  
  b9a2e40e3f27eb68e524d317a5b6d7f878500e650b6636e7c790217f4d4f21477e12a8256407dd6edf3bdafa517266ad26a17c71beaebdfbab67ee5fdac6019a
- SSDEEP
  
  1536:YbmS1cUKTWzCZc/c9hqawLKkxDn8BKf6TCxvtV/d:YbmWcUKTgeN9hELeW6exvtV/d
Score

1^/10
behavioral19 behavioral20
- Target
  
  iconengines/qsvgicon.dll
- Size
  
  37KB
- MD5
  
  90bb882a4b5e3427f328259530aa1b3b
- SHA1
  
  a4059f0c105f4e2abe84efc4a48fa676171f37c5
- SHA256
  
  b2b420aa1805d8b5dc15ccb74dd664d10bd6ba422743f5043a557a701c8a1778
- SHA512
  
  a486280bba42d6c2d8b5ca0a0191b6b29067e1c120f85dbff709a4a42c61d925804915f93f815f56c9ca06ea9f8b89de0e692776524d28d81e29ef1c75501db8
- SSDEEP
  
  768:ps7Ss9mMa0qnobGobEng53IdR4rXDd/+Hb0RPNRuBNJOqUVyvC:s95aoZEgGdu7Dd/YbOPybJ/XC
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408spywarestealer

behavioral2

vidar408spywarestealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22