vidar | f097f5148b93a8700a41eb68e8b55d907e19de539b2b3b95d388241ef5bf87b5 | Triage

Submit
Reports

Overview

overview

Static

static

7

TradingVie...k).exe

windows7-x64

TradingVie...k).exe

windows10-1703-x64

TradingVie...k).exe

windows10-2004-x64

TradingVie...k).exe

windows11-21h2-x64

Sharing

General

Target

TradingView (Premium pack).exe
Size

781.3MB
Sample

240426-y3gf3acc4y
MD5

4a4c83f97addc8204586bfacbaca6987
SHA1

f1e16bffb10a444e73fa2b067370b296e21012ce
SHA256

f097f5148b93a8700a41eb68e8b55d907e19de539b2b3b95d388241ef5bf87b5
SHA512

d773d6235bc1bf0f6159f5442f42cd2666789c463c68908a86449e25fa099e6888943113c9e1e7b07472a34579ad0b77dab0cbdba91af22742e4b78a26b2ac92
SSDEEP

98304:P/HQRYdTPnFhcZA9FNeNH35kIoTiIbHE7L7M1TZB0jB7co8NLlWqYFp34r+0V+6s:P/8mTPbcaheNXKS6E7L7+j0d4oylWG+f

Score

10^/10

vidar evasion stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

TradingView (Premium pack).exe

Resource

win7-20240215-en

vidar evasion stealer themida trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

TradingView (Premium pack).exe

Resource

win10-20240404-en

vidar evasion stealer themida trojan

windows10-1703-x64

9 signatures

150 seconds

Behavioral task

behavioral3

Sample

TradingView (Premium pack).exe

Resource

win10v2004-20240419-en

vidar evasion stealer themida trojan

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral4

Sample

TradingView (Premium pack).exe

Resource

win11-20240419-en

vidar evasion stealer themida trojan

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199677575543

https://t.me/snsb82

Targets

- Target
  
  TradingView (Premium pack).exe
- Size
  
  781.3MB
- MD5
  
  4a4c83f97addc8204586bfacbaca6987
- SHA1
  
  f1e16bffb10a444e73fa2b067370b296e21012ce
- SHA256
  
  f097f5148b93a8700a41eb68e8b55d907e19de539b2b3b95d388241ef5bf87b5
- SHA512
  
  d773d6235bc1bf0f6159f5442f42cd2666789c463c68908a86449e25fa099e6888943113c9e1e7b07472a34579ad0b77dab0cbdba91af22742e4b78a26b2ac92
- SSDEEP
  
  98304:P/HQRYdTPnFhcZA9FNeNH35kIoTiIbHE7L7M1TZB0jB7co8NLlWqYFp34r+0V+6s:P/8mTPbcaheNXKS6E7L7+j0d4oylWG+f
Score

10^/10

vidar evasion stealer themida trojan
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

vidarevasionstealerthemidatrojan

behavioral2

vidarevasionstealerthemidatrojan

behavioral3

vidarevasionstealerthemidatrojan

behavioral4

vidarevasionstealerthemidatrojan

© 2018-2024

Terms | Privacy