General

  • Target

    9838d7b931ba280e94b401ed799e35f9.bin

  • Size

    3.3MB

  • Sample

    230329-bxmdssfh8x

  • MD5

    b06e0120988c90af8e99b8bf5611be04

  • SHA1

    52f2b8219281a4e1102c57075f045ee7650a172b

  • SHA256

    81f58cb29ba3b72005b2d4faf619fbe8a5c5a79baee5148bfd06010badf8ff75

  • SHA512

    054e85c3347a57433a88262f159661a81abfb369f7a8d94953764813b862236219d38441bdb47b90fea128d75b78801cdf1bf62320d2f5895d04fd3f50367579

  • SSDEEP

    98304:5n+Re3/4a7GfLyYbdiOciW8utxuPsJJh8ADG:5n4e3Qa7GfeI7W8NkJnG

Malware Config

Extracted

  • Family

    vidar

  • Version

    3.2

  • Botnet

    faf321b64879a39e4d9e2b6994483a1a

  • C2

    https://steamcommunity.com/profiles/76561199489580435

    https://t.me/tabootalks

Attributes

  • profile_id_v2

    faf321b64879a39e4d9e2b6994483a1a

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 OPR/91.0.4516.79

Targets

    • Target

      0136319c6ea0ac8a0265c915e91731252b3e185433846300e858bf22570eff35.exe

    • Size

      3.4MB

    • MD5

      9838d7b931ba280e94b401ed799e35f9

    • SHA1

      ae7d122c39e37ef24b9a1fd3fdf08fd002f8620e

    • SHA256

      0136319c6ea0ac8a0265c915e91731252b3e185433846300e858bf22570eff35

    • SHA512

      2ff6289355bd35238ce0b00a3130022da2d76a814066c1469bad63a4319b5a2dc2965d90346ecf8ad3ebaecf63c8828f049eb5abac83376a217aedccf203cc1f

    • SSDEEP

      98304:PUGbQl+tr2/LRPFiwwxBU0lxvCngfl1m4wgfT:2l+IN6ZvegDR7

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks