vidar | fadf73572a43a77edf12de54a2fe9cc13e58a6653d538202cde992c0ee8fdf1d | Triage

Submit
Reports

Overview

overview

Static

static

1

Fivem hack.rar

windows7-x64

Fivem hack.rar

windows10-2004-x64

Sharing

General

Target

Fivem hack.rar
Size

1.9MB
Sample

230215-bj9xyagh3z
MD5

4156197b492c58a50e3fb2ffb4bcf681
SHA1

7e5171efeaabe69d72ab28dbed028cc7efcdc6af
SHA256

fadf73572a43a77edf12de54a2fe9cc13e58a6653d538202cde992c0ee8fdf1d
SHA512

76f585aa8c00f9f09ac58b4379c1fe296088133bc8acc5f664458cdd34e6e8b138d9e1125e0dcf161ae8007088d6f202e07b233d8ac1c112863f58f65aaab8e6
SSDEEP

49152:4NB5tG9MW7vXU4EzJuI1OKLf/7mnQYE2Xzp:4pTIWAKLXWNE2Xzp

Score

10^/10

vidar 408 spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Fivem hack.rar

Resource

win7-20221111-en

vidar 408 spyware stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

Fivem hack.rar

Resource

win10v2004-20221111-en

vidar 408 spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

2.5

Botnet

408

Attributes

profile_id
408

Targets

- Target
  
  Fivem hack.rar
- Size
  
  1.9MB
- MD5
  
  4156197b492c58a50e3fb2ffb4bcf681
- SHA1
  
  7e5171efeaabe69d72ab28dbed028cc7efcdc6af
- SHA256
  
  fadf73572a43a77edf12de54a2fe9cc13e58a6653d538202cde992c0ee8fdf1d
- SHA512
  
  76f585aa8c00f9f09ac58b4379c1fe296088133bc8acc5f664458cdd34e6e8b138d9e1125e0dcf161ae8007088d6f202e07b233d8ac1c112863f58f65aaab8e6
- SSDEEP
  
  49152:4NB5tG9MW7vXU4EzJuI1OKLf/7mnQYE2Xzp:4pTIWAKLXWNE2Xzp
Score

10^/10

vidar 408 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408spywarestealer

behavioral2

vidar408spywarestealer

© 2018-2024

Terms | Privacy