Overview

overview

10

Static

static

1

Acrobat.exe

windows7-x64

10

Acrobat.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Acrobat.exe

  • Size

    447KB

  • Sample

    230216-t78znaac6y

  • MD5

    93608ad7c09cff3f973d368fbd13ebef

  • SHA1

    273eb598e1552240adf031024240941e6205489f

  • SHA256

    117a62db2a9b8c5cbe7420192e28ebd17b93a63f8a7b2984dc2d6f9c12383f26

  • SHA512

    892ef93dd5d2524060d20abe71ad053d269069dddc9b53af4b7c436385879433730f7d4b46ad0b5c59df0b913a99305015c9b8259448136a1892ca446fa99aeb

  • SSDEEP

    6144:Ba+WLREtbN8M06OV9/bkXJUoTfck0wVYbIY/pIL13oN0NDgQnR6FFwAYpn8FCdy9:BaLNwTTX3Hqkopa13U0NDgmR6bzFsH8T

Score
10/10
vidar408spywarestealer

Malware Config

Extracted

Family

vidar

Version

2.5

Botnet

408

Attributes
  • profile_id

    408

Targets

    • Target

      Acrobat.exe

    • Size

      447KB

    • MD5

      93608ad7c09cff3f973d368fbd13ebef

    • SHA1

      273eb598e1552240adf031024240941e6205489f

    • SHA256

      117a62db2a9b8c5cbe7420192e28ebd17b93a63f8a7b2984dc2d6f9c12383f26

    • SHA512

      892ef93dd5d2524060d20abe71ad053d269069dddc9b53af4b7c436385879433730f7d4b46ad0b5c59df0b913a99305015c9b8259448136a1892ca446fa99aeb

    • SSDEEP

      6144:Ba+WLREtbN8M06OV9/bkXJUoTfck0wVYbIY/pIL13oN0NDgQnR6FFwAYpn8FCdy9:BaLNwTTX3Hqkopa13U0NDgmR6bzFsH8T

    Score
    10/10
    vidar408spywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks