vidar | 872fd10cb2783c4376bcf14ddef4364e067b42c34bc8fd108c720ff2d4fb47bf | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

872fd10cb2783c4376bcf14ddef4364e067b42c34bc8fd108c720ff2d4fb47bf
Size

471KB
Sample

230418-vjvmssch45
MD5

74af9efe690ca3a1d24e8fd17f0b1f86
SHA1

51286264b82a7bf4eb79bc88bf935d05a5670485
SHA256

872fd10cb2783c4376bcf14ddef4364e067b42c34bc8fd108c720ff2d4fb47bf
SHA512

3cc7f416ad4efeb88f58e8ab14db7a867a1117c9e6dcb24af681ba38ba2c49eeac4d9b17fcc0b8c29c0e6306b5228c28d4152a411f0b4f616375e40367a20b58
SSDEEP

6144:5WZcBJXG4+oCAyz+/OOp50D7lydrd51TuxiEdbvKZES+ICiq0LIv:5KcHXyoCAy9Oj2xyd551q/SZp3q0Mv

Score

10^/10

vidar e749025c61b2caca10aa829a9e1a65a1 discovery spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

872fd10cb2783c4376bcf14ddef4364e067b42c34bc8fd108c720ff2d4fb47bf.exe

Resource

win10v2004-20230220-en

vidar e749025c61b2caca10aa829a9e1a65a1 discovery spyware stealer upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

3.4

Botnet

e749025c61b2caca10aa829a9e1a65a1

C2

https://steamcommunity.com/profiles/76561199494593681

https://t.me/auftriebs

Attributes

profile_id_v2
e749025c61b2caca10aa829a9e1a65a1
user_agent
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0

Targets

- Target
  
  872fd10cb2783c4376bcf14ddef4364e067b42c34bc8fd108c720ff2d4fb47bf
- Size
  
  471KB
- MD5
  
  74af9efe690ca3a1d24e8fd17f0b1f86
- SHA1
  
  51286264b82a7bf4eb79bc88bf935d05a5670485
- SHA256
  
  872fd10cb2783c4376bcf14ddef4364e067b42c34bc8fd108c720ff2d4fb47bf
- SHA512
  
  3cc7f416ad4efeb88f58e8ab14db7a867a1117c9e6dcb24af681ba38ba2c49eeac4d9b17fcc0b8c29c0e6306b5228c28d4152a411f0b4f616375e40367a20b58
- SSDEEP
  
  6144:5WZcBJXG4+oCAyz+/OOp50D7lydrd51TuxiEdbvKZES+ICiq0LIv:5KcHXyoCAy9Oj2xyd551q/SZp3q0Mv
Score

10^/10

vidar e749025c61b2caca10aa829a9e1a65a1 discovery spyware stealer upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidare749025c61b2caca10aa829a9e1a65a1discoveryspywarestealerupx

© 2018-2025

Terms | Privacy