vidar | fee6394cdf59a134c7822fd92922f56d426ca5d3af150671045d8481907a5f61 | Triage

Submit
Reports

Overview

overview

Static

static

1

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

Spectratrons2Crackq.rar
Size

7.4MB
Sample

230218-yg7fcsdc89
MD5

656551bf3abad88d2e6ba3c46ae2e518
SHA1

7b46fa895994aa1d9aa929af37fbd6bd1de5af5c
SHA256

fee6394cdf59a134c7822fd92922f56d426ca5d3af150671045d8481907a5f61
SHA512

e7aa82834412ce81a76a4630a0a01bff0aeda37e18cf494a6e5122b7f4e5e8daf15781246c14f26cca8de5751b15c2881ee659191e4ec4bffc18416644cee3d4
SSDEEP

196608:aNkEL8aFR4O4jS5XDjlr9AMpl2HJsP1tn7WeCbd:MR7CSBDjlrz2HSXnib

Score

10^/10

vidar 408 spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20220812-en

vidar 408 spyware stealer upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20221111-en

vidar 408 spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

2.5

Botnet

408

Attributes

profile_id
408

Targets

- Target
  
  Setup.exe
- Size
  
  761.7MB
- MD5
  
  260fa7a23b5875193251072ae72c9609
- SHA1
  
  1b8dab7b8d6eab04d351c6bcafbed8fb5dceb427
- SHA256
  
  e29f85b21d086505a82c69fd9f15f1490d92967655dda0081af7ba0bdafcc7f6
- SHA512
  
  a7388d6673439a3f172cc472c85b911d02722778af7d16552efb82f0a0bfcaba54fcb23f216febbd646d392637c2a2c6ab4bc109c1e9afa1897004423f3d70b4
- SSDEEP
  
  6144:r4lJdLRhaREge3pncR8NeJu4IPn23VZakyL6RBSV35cI5sfC7bQGa+eDJF5qMkWr:r45VhP33pnZbP23mKSV3Cw7/eLLx39
Score

10^/10

vidar 408 spyware stealer upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408spywarestealerupx

behavioral2

vidar408spywarestealer

© 2018-2024

Terms | Privacy