vidar

Sharing

Copy URL Twitter E-mail

General

Target

7573.rar
Size

11.1MB
Sample

230322-e82veagh2v
MD5

b1d09d662f2abc5e974026b37fb0ba15
SHA1

6da7a076f1e24e8bcdb394decdd0571547ebf92c
SHA256

9cc57f02c45fb5c38a09aa715deba0c739d47ddc04d8a498270430936342d5c9
SHA512

85480aa1e2c9402c1efcf7cd43376ec416987232cfe63d0a7c4985b5e32ed467bca37f0b095493ee9aae01530198226907785a9c2d87f8c9defbbd6e1bd55b08
SSDEEP

196608:sYbWaKBvpGYIBCt8JuO1TuafX0RQbJw1jwdmm6VhDw5LU1E//TSyA3N9mpHK:5aFBvpGf8aEO1JfkKdw1AmHVJw5w1ATw

Score

10^/10

Malware Config

Extracted

Family

vidar

https://steamcommunity.com/profiles/76561199472266392

Extracted

Family

vidar

Version

�).�).

https://steamcommunity.com/profiles/76561199472266392

Targets

- Target
  
  dHogwarts Legacy/Data/Debug/Addition.dll
- Size
  
  30KB
- MD5
  
  f22e849a370cdf127f48beab596bdd81
- SHA1
  
  fb1da47c7a246f2cda7f7686a468efafd9933b1e
- SHA256
  
  8be1f5581437b6f5ba48705e8956c8bc0765bbd1d6053242640c75bd94048aa9
- SHA512
  
  6ded81fe4d4db69586d74fdb425c4fc8c092508e7e0b49eb141a9045abf40626d14659fa6237a3920e58571ca7acf4911cdf03c4307fd89b6dc5e54172afbc14
- SSDEEP
  
  768:Fol18SuOO3bBAughXjNPQsXVjWuu7jqWdTS2gS:er6tAugVjN4sXJYjqWdm2V
Score

1^/10
behavioral1 behavioral2
- Target
  
  dHogwarts Legacy/Data/Debug/Cracker.dll
- Size
  
  56KB
- MD5
  
  404aacc737a9d30147d30cee6be0abba
- SHA1
  
  5f49b9197d73b53eb3473c80a6f25dc068421baf
- SHA256
  
  3eec59d6aa2a45e368b99d09bcedf228290656a88de8a09ccc91867ab71f228c
- SHA512
  
  eb3716304571727d3134da4da46c5c91276afa20f5da26f2b89cc0cdc19f98592322b5e85fdc6a36e51636298ffac456a9057ed7d10c17e4955c4307cb933f20
- SSDEEP
  
  384:poaSsZTSyPG0TLMU9mCzkcu/b49Pji7iJI5TZCP56vS1a+dYUFv8WTa:W1yR8U9mCzkcu/8V2iP56v/+G0a
Score

1^/10
behavioral3 behavioral4
- Target
  
  dHogwarts Legacy/Data/Debug/Helper.dll
- Size
  
  189B
- MD5
  
  9bb9aba5dd893bbccfa45e2d75d55d26
- SHA1
  
  5714796513341ac3159a6a3c23d4769209063d35
- SHA256
  
  6b325cadd8992d998c4fbc8ed56079c2850b68ea2d38432d51c26ce82b0a5419
- SHA512
  
  f57df9a4a02bd17772acb3ac1a0d961c53f6940600b58834ae38c198a98ae651a21b382450b267aeffbca4ab262668ae471a78ed99bf9dfa414c1316056a289b
Score

1^/10
behavioral5 behavioral6
- Target
  
  dHogwarts Legacy/Data/Debug/Resource.dll
- Size
  
  10.7MB
- MD5
  
  641dadbb3f03938da99bf7c6c4cc482f
- SHA1
  
  b21bdb69a17642ade8e62fcbd779ff1bc89ea809
- SHA256
  
  883aefb081a1f9ef974ceb16e12c215e92fee13531c052279404bd11b2f8e479
- SHA512
  
  7aea5f0db9b261a17801124d6eef0df2d3ada4a6f624c8f4f2ee519a61171a3f06de9032493e3309a1a982fd1218613dde73a942942df2a8ec367e7f66a531f5
- SSDEEP
  
  196608:8B4DNtjVoWhIdAXplnpnh4uIKZ2K245peMKU3lRM9RVIO+QvSNG2uM+XGE4:04vWGIun1GKZ/2aZKU3lRvO+QvQgGP
Score

1^/10
behavioral7 behavioral8
- Target
  
  dHogwarts Legacy/Data/Packaged/Main.ini
- Size
  
  1KB
- MD5
  
  7b53ebd64e5781e02eaefb6739a6b556
- SHA1
  
  d5332b200cf5dcea0419afdb66a15d89b9eb619f
- SHA256
  
  b975c9251ef7394dcc69f49e54dc5aa5e8df32f9b5e8c687484ddd840eb94d20
- SHA512
  
  c4a25c07e19760547e91818ba6e9ec3fe89206c29429668731c7563b7407cb56d8c0adca519bf96dc82a1631e82cfe63b68439cad4102ea2a1df438bac8400fd
Score

1^/10
behavioral10 behavioral9
- Target
  
  dHogwarts Legacy/Data/Packaged/Utils.dll
- Size
  
  1KB
- MD5
  
  73e051427246dd4ca45935b1a4bd7e2d
- SHA1
  
  7216f05041252f1c3a9d84aacdf84ef62f1a1045
- SHA256
  
  b7b8b412ab1e4f32da8a7cd42aeaa6e7d8d340cf14977d3e87f7d8f5eb689b0f
- SHA512
  
  3fc10dea91962244389214d189c141466f5630e99b01af5761738ce884df14050cd08a43802dc45bbe9117290c34143b85a75694b6301954b51972180dca1e36
Score

1^/10
behavioral11 behavioral12
- Target
  
  dHogwarts Legacy/setup.exe
- Size
  
  761.7MB
- MD5
  
  1e0cd183c785053dde2078caf5e4bd3b
- SHA1
  
  10009d5ed6576a147f006955023ce83a7ef48927
- SHA256
  
  95f036c8526a0c4a01b1448d7c6e897afb90ec199a2607f3559fa41399c3ab8b
- SHA512
  
  d7bc03b1016779c89dfb4a927a27ae188e9c2d12eab7626137690a53c2d158beadb52b5358a80020ae9a870825d18d64e92f1054e2f962b8cc19bd87d1f4f09a
- SSDEEP
  
  12288:TlnDldQGM9rk7cf6vRAxR/M5AiFfOoqdSQPvw:TlnDxEk7s65AxR/M24OJccw
Score

10^/10

vidar stealer spyware upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral13 behavioral14

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Accesses 2FA software files, possible credential harvesting

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14