vidar | af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb | Triage

Submit
Reports

Overview

overview

Static

static

3

advbattoex...er.exe

windows11-21h2-x64

Sharing

General

Target

advbattoexeconverter.exe
Size

804KB
Sample

240423-waq4paac5z
MD5

83bb1b476c7143552853a2cf983c1142
SHA1

8ff8ed5c533d70a7d933ec45264dd700145acd8c
SHA256

af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb
SHA512

6916c6c5addf43f56b9de217e1b640ab6f4d7e5a73cd33a7189f66c9b7f0b954c5aa635f92fcef5692ca0ca0c8767e97a678e90d545079b5e6d421555f5b761a
SSDEEP

24576:0xFkFHdJ8aT/iziXH6FGnYhqQuimKC6Qpor:0IdJ1KiBYhsl+r

Score

10^/10

vidar 2f8c87c1f3d300758762e46e7a6b6839 evasion spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

advbattoexeconverter.exe

Resource

win11-20240412-en

vidar 2f8c87c1f3d300758762e46e7a6b6839 evasion spyware stealer trojan

windows11-21h2-x64

31 signatures

1800 seconds

Malware Config

Extracted

Family

vidar

Botnet

2f8c87c1f3d300758762e46e7a6b6839

C2

https://redddog.xyz

https://steamcommunity.com/profiles/76561199677575543

https://t.me/snsb82

Attributes

profile_id_v2
2f8c87c1f3d300758762e46e7a6b6839
user_agent
Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6

Targets

- Target
  
  advbattoexeconverter.exe
- Size
  
  804KB
- MD5
  
  83bb1b476c7143552853a2cf983c1142
- SHA1
  
  8ff8ed5c533d70a7d933ec45264dd700145acd8c
- SHA256
  
  af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb
- SHA512
  
  6916c6c5addf43f56b9de217e1b640ab6f4d7e5a73cd33a7189f66c9b7f0b954c5aa635f92fcef5692ca0ca0c8767e97a678e90d545079b5e6d421555f5b761a
- SSDEEP
  
  24576:0xFkFHdJ8aT/iziXH6FGnYhqQuimKC6Qpor:0IdJ1KiBYhsl+r
Score

10^/10

vidar 2f8c87c1f3d300758762e46e7a6b6839 evasion spyware stealer trojan
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Modifies boot configuration data using bcdedit
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

vidar2f8c87c1f3d300758762e46e7a6b6839evasionspywarestealertrojan

© 2018-2024

Terms | Privacy