vidar | d0acf62bc8114d8306fa0f8fa38cf8ebce28abb99b447a434520da801a97b5e8 | Triage

Submit
Reports

Overview

overview

Static

static

1

AdobeIllus...23.exe

windows7-x64

AdobeIllus...23.exe

windows10-2004-x64

Sharing

General

Target

AdobeIllustrator2023.rar
Size

6.8MB
Sample

230218-xdklrace2t
MD5

d8e4b0d3b4113cf340ae2c944a556dd3
SHA1

32c6f664fd993be0d1286ef0929e9dc929e6e585
SHA256

d0acf62bc8114d8306fa0f8fa38cf8ebce28abb99b447a434520da801a97b5e8
SHA512

0fb4df0db32e1c1ed8a6abd88c203991e97f5023ed518a83c770660f4182b398a18a90a99eb99171787047cd2f983b94d0d7837d0b45a8a26bdef82efd115611
SSDEEP

196608:zaayWJXuLc+7Yg5dmkHp9vNBij1rjeHUkn51UnxIiMCnX:zHjiclgdnBSrje0k51UxzdnX

Score

10^/10

vidar 408 spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

AdobeIllustrator2023.exe

Resource

win7-20220812-en

vidar 408 spyware stealer upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

AdobeIllustrator2023.exe

Resource

win10v2004-20221111-en

vidar 408 stealer

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

2.5

Botnet

408

Attributes

profile_id
408

Targets

- Target
  
  AdobeIllustrator2023.exe
- Size
  
  761.7MB
- MD5
  
  127504100dc5cc5d31567b432545a094
- SHA1
  
  c5de6d70709521b64d2bfdc02ea3283d75ae35d2
- SHA256
  
  57fa5d7d958b31479f78214a37ee220bf4bd0cc6a784c653d9b9665d17815612
- SHA512
  
  371751fd419b40603d5f4d6f4767933a59f428891c0e62a315ab5881883b3ba555b26246b8015b0fe5010e943b7ab0324d12e4cf8056a7e35646fecc5507e414
- SSDEEP
  
  12288:8mkPutHPPqXfiFYANYgsmybPf9sFK7Gsf6FAxBoBD4:PkPuFPPqXfirNYgsmybSw7Gsywf
Score

10^/10

vidar 408 spyware stealer upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408spywarestealerupx

behavioral2

vidar408stealer

© 2018-2024

Terms | Privacy