vidar | 2024-04-19_b6e26301e4dd946928be4c32bb90be14_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-19_b6e26301e4dd946928be4c32bb90be14_magniber
Size

9.2MB
MD5

b6e26301e4dd946928be4c32bb90be14
SHA1

048c02ce8acb6d1a89ebbd0ff5c3fbd0e4cb7fe6
SHA256

ca8bc6d8c85f6b800db9a1dcccf04d60089224eaf408997f07df03ebaa0ba942
SHA512

e42b153482cf8b57bf07d4918a7f9d700042c99c4fb495e94026c64f6faa4768d12b0582ccb249b868b677839429f35241a46052701d7dde29aac0e2a7af8c6a
SSDEEP

196608:CxkMK3zPCniYGV48eSS5vO8+ZkojzX7MuHvwwE8N:AkZaFfXW81ojz7fHYwD

Score

10^/10

stealer vidar

Malware Config

Signatures

Detect Vidar Stealer 1 IoCs

stealer

resource	yara_rule
sample	family_vidar_v7

Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxHookingDLL

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-19_b6e26301e4dd946928be4c32bb90be14_magniber

Files

2024-04-19_b6e26301e4dd946928be4c32bb90be14_magniber
.exe windows:5 windows x86 arch:x86

fbd49b2407c5a41b992db728d0161424

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strlen

kernel32

IsProcessorFeaturePresent
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharToOemA
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegOpenKeyExA

ole32

CoInitializeSecurity

oleaut32

VariantClear

shlwapi

ord155

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.0MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpŽß
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmpŽß
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 396KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbd49b2407c5a41b992db728d0161424

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 134KB - Virtual size: 133KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 5.0MB - Virtual size: 7.1MB

.vmpŽß Size: 1.5MB - Virtual size: 1.5MB

.vmpŽß Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 15KB - Virtual size: 15KB

.rsrc Size: 396KB - Virtual size: 395KB

.text
Size: 134KB - Virtual size: 133KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 5.0MB - Virtual size: 7.1MB

.vmpŽß
Size: 1.5MB - Virtual size: 1.5MB

.vmpŽß
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 396KB - Virtual size: 395KB