Overview

overview

10

Static

static

3

SCREEN.exe

windows7-x64

10

SCREEN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SCREEN.exe

  • Size

    6.9MB

  • Sample

    230609-x35yzsdb39

  • MD5

    339fbfa154755393b2baec483e5f1257

  • SHA1

    209a36c4a3e156a391849f9934e36c862175ac32

  • SHA256

    6b79d25b436f4059d791f8fcb22d912a899ac27792527f03dfe3bcd17a5b2b7f

  • SHA512

    54f6e08453f826304c975a863683b980f613a920b0af09a08e57a13bd90833ae0cda63f4ca487a7ec4e5dd8f87f649d273a3c03575f711c179e48b4367fef9a1

  • SSDEEP

    196608:/4Lbt1AcaU/2bwFJ54cJ+0e+Oq2e1JZFE:/4zF2bwFHY0HO2JZ

Score
10/10
vidara64ca0c195d3c6bc2a04ada079183388spywarestealer

Malware Config

Extracted

Family

vidar

Version

4.2

Botnet

a64ca0c195d3c6bc2a04ada079183388

C2

https://steamcommunity.com/profiles/76561199511129510

https://t.me/rechnungsbetrag
Attributes
  • profile_id_v2

    a64ca0c195d3c6bc2a04ada079183388

  • user_agent

    Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.38 Safari/537.36 Brave/75

Targets

    • Target

      SCREEN.exe

    • Size

      6.9MB

    • MD5

      339fbfa154755393b2baec483e5f1257

    • SHA1

      209a36c4a3e156a391849f9934e36c862175ac32

    • SHA256

      6b79d25b436f4059d791f8fcb22d912a899ac27792527f03dfe3bcd17a5b2b7f

    • SHA512

      54f6e08453f826304c975a863683b980f613a920b0af09a08e57a13bd90833ae0cda63f4ca487a7ec4e5dd8f87f649d273a3c03575f711c179e48b4367fef9a1

    • SSDEEP

      196608:/4Lbt1AcaU/2bwFJ54cJ+0e+Oq2e1JZFE:/4zF2bwFHY0HO2JZ

    Score
    10/10
    vidara64ca0c195d3c6bc2a04ada079183388spywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks