vidar | 2638665faa18517d0165b96afc33c533441b6a13e624de1df518eaf36499f5c4 | Triage

Submit
Reports

Overview

overview

Static

static

3

Device/Har...ld.exe

windows7-x64

Device/Har...ld.exe

windows10-2004-x64

Sharing

General

Target

build.exe
Size

440KB
Sample

230615-fh3vfsef9s
MD5

de17f08614075bd220aed0b7b1ca10ba
SHA1

27f280eda8b8d6341583d5504969774bef653802
SHA256

2638665faa18517d0165b96afc33c533441b6a13e624de1df518eaf36499f5c4
SHA512

04689284b82494bb123616a3e17b5cfab307a0da01dde1f610a0ed0070f0112f071369670f7f3d2f52d213211f59119758c0c1786a88c23bcabedee192f40759
SSDEEP

12288:0/Q/Xf7amzqCbLa1s7T0LgKA0EtJ+mRzExk7SzmkI9p:4Q3Xw/K+QqDKkyp

Score

10^/10

vidar 399 spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Device/HarddiskVolume4/Users/agastinj/AppData/Roaming/build.exe

Resource

win7-20230220-en

vidar 399 spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Device/HarddiskVolume4/Users/agastinj/AppData/Roaming/build.exe

Resource

win10v2004-20230220-en

vidar 399 spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

34.3

Botnet

399

C2

http://ps5rent.com/

Attributes

profile_id
399

Targets

- Target
  
  Device/HarddiskVolume4/Users/agastinj/AppData/Roaming/build.exe
- Size
  
  621KB
- MD5
  
  81ce57bc6b0c4894ad94120fd0f57b69
- SHA1
  
  bee7602331f2c867c06d8b9d097bba81ac27792c
- SHA256
  
  176b654a691b195db171e1c3d179afc365adbd5fd97b515a1dd7241cd0f974d9
- SHA512
  
  0e7b5b7561f2eda562f0a755c02d84b044b9045ee2d94b5efa51e3b37d5bb2be7099f44a0a945584ff86857f0d09dc2692e8649bd20405f6b71c91c55dd3fe71
- SSDEEP
  
  12288:qlwg5g9LzIF4chsOkcXae5NDhNqjRAretmWyiUb:e/5IHG4xo5lKketRyd
Score

10^/10

vidar 399 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar399spywarestealer

behavioral2

vidar399spywarestealer

© 2018-2024

Terms | Privacy