vidar

Sharing

Copy URL

Twitter E-mail

General

Target

fb11c946384feba15d8abd1687386445_JaffaCakes118
Size

3.8MB
Sample

240419-ytmayseb36
MD5

fb11c946384feba15d8abd1687386445
SHA1

62320e3d19834524d995ed040207bf27d50eb887
SHA256

961bf55f25103eeb23ae7f6d25ea26f57eb23ebd521ef5c7397f50aeac37ac8d
SHA512

9a9253f79576d4b30646e4ba0201e80f43c87eca0acca4761b856faee4e0cf966aa1164a20296a4230d0b37f92aedd2ca06638cf2697092ee2a0d73f22a8b00a
SSDEEP

98304:GB3hYNL35jLeZrz5XCeENK5+g8QYR5njJLQjRi:ymh3hLetSR9nJLQNi

Score

10^/10

vidar stealer

Malware Config

Extracted

Family

vidar

Version

��U��

Targets

- Target
  
  fb11c946384feba15d8abd1687386445_JaffaCakes118
- Size
  
  3.8MB
- MD5
  
  fb11c946384feba15d8abd1687386445
- SHA1
  
  62320e3d19834524d995ed040207bf27d50eb887
- SHA256
  
  961bf55f25103eeb23ae7f6d25ea26f57eb23ebd521ef5c7397f50aeac37ac8d
- SHA512
  
  9a9253f79576d4b30646e4ba0201e80f43c87eca0acca4761b856faee4e0cf966aa1164a20296a4230d0b37f92aedd2ca06638cf2697092ee2a0d73f22a8b00a
- SSDEEP
  
  98304:GB3hYNL35jLeZrz5XCeENK5+g8QYR5njJLQjRi:ymh3hLetSR9nJLQNi
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ExecDos.dll
- Size
  
  5KB
- MD5
  
  a7cd6206240484c8436c66afb12bdfbf
- SHA1
  
  0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919
- SHA256
  
  69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926
- SHA512
  
  b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904
- SSDEEP
  
  48:6jOBtU/BXN8kUByyy/Aklkcrkyg7Vg5RibGoTCTo0gqVeeaeQqzM5rv774YRljmB:y/DMy4ncrkyg7tbpQFLUEYRxe
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral7 behavioral8
- Target
  
  $TEMPImages/PazeraToolbar.exe
- Size
  
  2.8MB
- MD5
  
  f3f43974f4be7f4fa263d67510f32330
- SHA1
  
  603477844f23b2895cbc40fcc6abd3502d7d4b4b
- SHA256
  
  ef385c5290616a9e68ea873d049841cf0a74a65bfc265c1f1b103430bdc41aca
- SHA512
  
  1e99ed023da4038e884badc06ee95cdd6a46df8ad8a634f59f9243dba4c6f9d531ae95940a487f8b22efcaade1e925674eb1c8ce265b4d8c20c18e8e6b16afe2
- SSDEEP
  
  49152:DKmU/FmbvQyw+Lx8GtekgJV2cEraOdDJLQDwydRm0qw9d/YDTn3UOesiX9iYvmEb:+mUoU+LSGtYJVqraOb5yds0tf0EOevXN
Score

7^/10
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/CABSetup.dll
- Size
  
  17KB
- MD5
  
  971a2e4b537d8b3f0bf5699c4b086192
- SHA1
  
  72c062e122288b8c015cd1cd806bef4a22530b60
- SHA256
  
  82f78bcf453ef5bc4383dbb586bcdb7db7b79877ca79991f8b83c9284b6eeedc
- SHA512
  
  2269002046c774112201a4ebb86638e554c11fa3ef2ba2f48266b5427b64fc35e66a94a1dc45c085f713aaf2852ac55a40876ff6bd0fe8625dce9eac05ace657
- SSDEEP
  
  384:1+euflfDS/VtTPYCfdW/QJCG0wNXB9SNCNLH:1+eufdpYg4JCwnSENLH
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/InetLoad.dll
- Size
  
  18KB
- MD5
  
  588d2a4e27dee47f1d7a9c10e67ca948
- SHA1
  
  019aad53a317892c3875761a5f6f2fb470376b7b
- SHA256
  
  b908ac66f5e0876fefe0be8ee692095132a780a8362ba3a68e99ba0d53dc8ebc
- SHA512
  
  c9de72dcb87f27e0a67c6b0220dab67b8c5813bc803bd76fb2b3070e88447457afdc76ffc391be42c14e9f31218fb74e8ddcd2a867e1f4d6f057986a8e31955b
- SSDEEP
  
  384:kUyPTZJ/XdzJwwTh8W1cyMjPzt0Ac9k+LMkIX1+Gn+XHfs:k37/luwTh8W1rMjPzbus
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  1d5c649dde35003a618b9679d5d71b92
- SHA1
  
  0409bbab3ab34f8c01289cdd847b4d1a32d05b18
- SHA256
  
  0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f
- SHA512
  
  b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9
- SSDEEP
  
  384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/ScrollLicense.dll
- Size
  
  58KB
- MD5
  
  9de28704babdcf38f423c36eae737e17
- SHA1
  
  dd7f7b03430bbc9d568c6ea31de88fc281c3eec3
- SHA256
  
  d81d764e13b8e7a7ede9964f118d2de44b13c39c442527c0ffa11ed25cac5014
- SHA512
  
  74e0b8b2cbf2de7ffde19e31567976e4c59fc68df351621acee5b0f00734fe7cb95f29fc822313f58ab9cf5f2822763d6021643e088fa6a37bf6d4672f6cbeea
- SSDEEP
  
  1536:IU49ZxlN9m68X7Yo7n8roGNHyJelIXkzqGvl/H3C:OZxz9QA1SkHzvl/XC
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  4eff5fafd746f5decb93a44e3a3d570c
- SHA1
  
  a11aa7681b7e2df1c7f7492a127d332d1495ea8a
- SHA256
  
  cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5
- SHA512
  
  cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72
- SSDEEP
  
  192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  eaf5036ef8e7fbdfa76d42c18233764f
- SHA1
  
  acd9f46c0500b00648933c4a172ef258ec64a1f3
- SHA256
  
  74a4283da525512b7fa14d40cafd905e63a8c2a3c9faca4d0605ad71f1a05a7d
- SHA512
  
  93d3e698c5d40f28c9d899f95f5b8ae60eceb8e96e57000ed458b9bffadcc98616aeadd4d6b930f3f91bd2a822681ef284dfc0eda6ae776ba1b7cc6ff87704ef
Score

3^/10
behavioral21 behavioral22
- Target
  
  Helper.dll
- Size
  
  237KB
- MD5
  
  d374b5262dab852732718f3968fedd43
- SHA1
  
  060bfe6b9322a50ea626595f41d6f2e0c07e1f07
- SHA256
  
  24c0fadffd1ce7a497519bdca98e553d9903e8f6e19e2d755f4317db2dfe2682
- SHA512
  
  bb364ad46c122226aace34e841bfa1b22e4e629553d45f8a8887d3926cd71f927f08954a32b0acab7f8c368160b9be23c6cb2a421b34244d4edfea2ae0db40b8
- SSDEEP
  
  6144:ZBrPDCDJKGraMNuBOQl+wyh+O2TP8JUEgsv:zjDCMXMoBOQl+wK+O2gK
Score

1^/10
behavioral23 behavioral24
- Target
  
  ImageConversion.dll
- Size
  
  196KB
- MD5
  
  18a95233a49fb06e0d7d29e396c65f7d
- SHA1
  
  ac9ca3e837e4c4b07f28b5e8a1ff55d6bc853b56
- SHA256
  
  b8196f6e55bebc9368fde1743db5251f756ab32b66e67628449bc042042caed8
- SHA512
  
  ab7d9a71f895329035a73b9e5e8cdc92e188eb90630e5016dc34a66ff16ddeef548b0326792a96d9116fcf219368a9d1b95ee65afefcd772c55d943177398669
- SSDEEP
  
  3072:mEad4E4Ik6UU1caVFn2krQ2ZOEIQTBfbAg0Fu125/cgJ:mEaLkQtVFn2cJZxIQTBDAO0z
Score

1^/10
behavioral25 behavioral26
- Target
  
  RSSReader_plugin.dll
- Size
  
  362KB
- MD5
  
  c77745740c3823c6bcfec35327a630bc
- SHA1
  
  d1d49cc042f4b4e8cd5466008643a893947d9127
- SHA256
  
  c665399f65111393c015814ef0ab9c8cb2215e048fa8d64c52e94c3ebb7a5eec
- SHA512
  
  80f492caa1c86f3a0944ae6cd6daf48b165cff3336e4dafa38ec9ea5ffe737731b65a7d94329c0fe04ee9865598117dc984c140408846f169721f26a845f4732
- SSDEEP
  
  6144:geOPipxlbzFYDIWBd1xhp0vll5tUFGhU17Qvz+fj2li/siabzC8gysQvKHXyU5fX:gxipxlbhYDIWht036GhU9S+b2w/9h
Score

1^/10
behavioral27 behavioral28
- Target
  
  RadioPlugin.dll
- Size
  
  390KB
- MD5
  
  7384485085d0711fe6c8971b7d61f8b7
- SHA1
  
  a2fa933bd7613d3e51c73f9e102cf60f3f6fca3f
- SHA256
  
  f580d67ab9498bfbab8b9f992a030fc1a90ae1fbf9c8cf960cd1a55c16414c04
- SHA512
  
  2b485626aba41ec2886c2ee7ec1930f2da727640f35fa723f7f68a6a40944f0986d1224d575f436754e055ef61c1c36d228753bd95437681c37b8fb355d0adb0
- SSDEEP
  
  6144:YB1iniSKoj2L+nLeUDgRHNvI6zTA0dPUcTIcAU99iRTyBb2Awro7js8pBMCVUI/:Y7eiSffidPUcTIcA+KTUbnwr98HJ/
Score

10^/10

vidar stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
behavioral29 behavioral30
- Target
  
  SearchComponent.dll
- Size
  
  212KB
- MD5
  
  19a3c58c3d4161f67d63ab1aa32d89e2
- SHA1
  
  46fc810f1dcfe26826a87d347cb4606b35cc675b
- SHA256
  
  fc24d4248c49606f760ed871512bda7d09ba1a1d242347e33a60ebf8b8d72192
- SHA512
  
  70f36bdf420ec3697777062aacaf5805de9de7ed4b03d4032512690ded305c0c3f3cdde63bafdf3f3d6a0b2ab9b0f1b9ad0c934deea2fb50d1a49a254792528f
- SSDEEP
  
  3072:A5Y6PErq0i4qtw0WjVhuqHzYwU+qDLvYJL1CfImwUXl/5CMXaPPVR:MPPE6tw0W9TfWDLvYJLwILmQMKPb
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32