Overview

overview

10

Static

static

1

bd1a94b7af...f0.exe

windows7-x64

10

bd1a94b7af...f0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bd1a94b7afc34843b33c32ed3c3613f0

  • Size

    796KB

  • Sample

    240309-3nfcnsef5y

  • MD5

    bd1a94b7afc34843b33c32ed3c3613f0

  • SHA1

    06d293b2f9921fbe8e6861387622f6034fb4da8c

  • SHA256

    c4e584cf945824aa5c88fa352b2a598695ae61ac591a1a4e7580503b4b8a3402

  • SHA512

    28533f33cca14da40298c4f0377509b0cc93b2b999b71f705ba8ef50eabd588c0895f812ea175c18ccf4f90b18b4f97bf9856d84aec971981709030b144aef88

  • SSDEEP

    24576:2scQPFc8HTWK0g+W2r7fiYBlh73yTLeV38HuHf2D:2xQSUDV+W2TR7CeVM5

Score
10/10
vidar921discoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

39.9

Botnet

921

C2

https://prophefliloc.tumblr.com/

Attributes
  • profile_id

    921

Targets

    • Target

      bd1a94b7afc34843b33c32ed3c3613f0

    • Size

      796KB

    • MD5

      bd1a94b7afc34843b33c32ed3c3613f0

    • SHA1

      06d293b2f9921fbe8e6861387622f6034fb4da8c

    • SHA256

      c4e584cf945824aa5c88fa352b2a598695ae61ac591a1a4e7580503b4b8a3402

    • SHA512

      28533f33cca14da40298c4f0377509b0cc93b2b999b71f705ba8ef50eabd588c0895f812ea175c18ccf4f90b18b4f97bf9856d84aec971981709030b144aef88

    • SSDEEP

      24576:2scQPFc8HTWK0g+W2r7fiYBlh73yTLeV38HuHf2D:2xQSUDV+W2TR7CeVM5

    Score
    10/10
    vidar921discoveryspywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar Stealer

      stealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks