vidar | 2bfc91f4857cab7263337f39429a2f529f42eb2978f372011c4c9cc6e0c55ccf | Triage

Submit
Reports

Overview

overview

Static

static

3

NEAS.94c3d...30.exe

windows7-x64

NEAS.94c3d...30.exe

windows10-2004-x64

Sharing

General

Target

NEAS.94c3d62d1cd694ac81760f0816b44730.exe
Size

630KB
Sample

231028-nt6dqabg44
MD5

94c3d62d1cd694ac81760f0816b44730
SHA1

8b9b35b7685c9118caa21e9142077c2fa65c01ff
SHA256

2bfc91f4857cab7263337f39429a2f529f42eb2978f372011c4c9cc6e0c55ccf
SHA512

2775f9078572c709e0f2e6640b1619fe8f5f52e1fdb2ea583868a68f3ffe4160a692bd4ffba0fdd28975c970c165b3ace745530abc3dbe95644869f284e02e0f
SSDEEP

12288:14Xa10WFCgyU/9Ct7SiRzdHTSiTfFUITI9q6LEdPi7f2Q3:1l10WFlFS/DTfFUJ9qTdPiyA

Score

10^/10

vidar xmrig 933 miner stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NEAS.94c3d62d1cd694ac81760f0816b44730.exe

Resource

win7-20231023-en

vidar xmrig 933 miner stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.94c3d62d1cd694ac81760f0816b44730.exe

Resource

win10v2004-20231023-en

vidar xmrig 933 miner stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

39.8

Botnet

933

C2

https://xeronxikxxx.tumblr.com/

Attributes

profile_id
933

Targets

- Target
  
  NEAS.94c3d62d1cd694ac81760f0816b44730.exe
- Size
  
  630KB
- MD5
  
  94c3d62d1cd694ac81760f0816b44730
- SHA1
  
  8b9b35b7685c9118caa21e9142077c2fa65c01ff
- SHA256
  
  2bfc91f4857cab7263337f39429a2f529f42eb2978f372011c4c9cc6e0c55ccf
- SHA512
  
  2775f9078572c709e0f2e6640b1619fe8f5f52e1fdb2ea583868a68f3ffe4160a692bd4ffba0fdd28975c970c165b3ace745530abc3dbe95644869f284e02e0f
- SSDEEP
  
  12288:14Xa10WFCgyU/9Ct7SiRzdHTSiTfFUITI9q6LEdPi7f2Q3:1l10WFlFS/DTfFUJ9qTdPiyA
Score

10^/10

vidar xmrig 933 miner stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Vidar Stealer
  stealer
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

vidarxmrig933minerstealer

behavioral2

vidarxmrig933minerstealer

© 2018-2024

Terms | Privacy