vidar | 780db2201a60a16938c09875bbb0c5de57f5262393fc84512c6307c7598d7203 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ccf1b8ef2cd11685911bbfff920c6a6.exe
Size

772KB
Sample

230802-c9vrdadd8x
MD5

0ccf1b8ef2cd11685911bbfff920c6a6
SHA1

7893b025a4425d393aa0b81be7b7f1dfb018faaa
SHA256

780db2201a60a16938c09875bbb0c5de57f5262393fc84512c6307c7598d7203
SHA512

f685deab49aecb746f9c62fe1d1503bcc70c4a9713fca9d833916c2d6153f437f3f08f15602e7cca57aaad9a588fc66e5fb29107ea46008de29d8921847a6829
SSDEEP

24576:1Ru16WYdRNDl0Et8uEXE6dl5H92r5HA9NY:LVNDl0Et8uEXE6ds1HA9

Score

10^/10

vidar 02cfa027617fa4f9c7511430ee741e2b spyware stealer

Malware Config

Extracted

Family

vidar

Version

4.9

Botnet

02cfa027617fa4f9c7511430ee741e2b

C2

https://t.me/dastantim

https://steamcommunity.com/profiles/76561199529242058

Attributes

profile_id_v2
02cfa027617fa4f9c7511430ee741e2b
user_agent
Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Targets

- Target
  
  0ccf1b8ef2cd11685911bbfff920c6a6.exe
- Size
  
  772KB
- MD5
  
  0ccf1b8ef2cd11685911bbfff920c6a6
- SHA1
  
  7893b025a4425d393aa0b81be7b7f1dfb018faaa
- SHA256
  
  780db2201a60a16938c09875bbb0c5de57f5262393fc84512c6307c7598d7203
- SHA512
  
  f685deab49aecb746f9c62fe1d1503bcc70c4a9713fca9d833916c2d6153f437f3f08f15602e7cca57aaad9a588fc66e5fb29107ea46008de29d8921847a6829
- SSDEEP
  
  24576:1Ru16WYdRNDl0Et8uEXE6dl5H92r5HA9NY:LVNDl0Et8uEXE6ds1HA9
Score

7^/10

spyware stealer
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

02cfa027617fa4f9c7511430ee741e2bvidar

behavioral1

behavioral2