vidar | dbc77d91f4364c8ebf577f41405a1969203092f1cc69d984940c2ba7bf541113 | Triage

Submit
Reports

Overview

overview

Static

static

1

FileCenter...py.exe

windows10-2004-x64

6

FileCenter...py.exe

windows11-21h2-x64

Sharing

General

Target

FileCenterSetup12 - Copy.exe
Size

298.9MB
Sample

240614-rz72aavcra
MD5

646609593e2dc4cdf186f0be4afdd869
SHA1

d41ff0e58b86467ebcf7b646ffd2f9851f091469
SHA256

dbc77d91f4364c8ebf577f41405a1969203092f1cc69d984940c2ba7bf541113
SHA512

e8845b07917f61bab64395cbb69da1237669082fae2ec478da3ed4de27480fa14b0b9e40fa3ccaf5ad816efbb8d71644e53b61748fa3fd9f33a0d2b6d5e028e5
SSDEEP

6291456:lnV+k6bAnEDrT9MJVeTJ3JkUnU1GFc9EuyiWBlMU6cgnnE:lnVesnEj9MJkTDNnkk7uWrR56E

Score

10^/10

vidar discovery persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

FileCenterSetup12 - Copy.exe

Resource

win10v2004-20240508-en

discovery persistence

windows10-2004-x64

30 signatures

1200 seconds

Behavioral task

behavioral2

Sample

FileCenterSetup12 - Copy.exe

Resource

win11-20240508-en

vidar discovery persistence stealer

windows11-21h2-x64

30 signatures

1200 seconds

Malware Config

Targets

- Target
  
  FileCenterSetup12 - Copy.exe
- Size
  
  298.9MB
- MD5
  
  646609593e2dc4cdf186f0be4afdd869
- SHA1
  
  d41ff0e58b86467ebcf7b646ffd2f9851f091469
- SHA256
  
  dbc77d91f4364c8ebf577f41405a1969203092f1cc69d984940c2ba7bf541113
- SHA512
  
  e8845b07917f61bab64395cbb69da1237669082fae2ec478da3ed4de27480fa14b0b9e40fa3ccaf5ad816efbb8d71644e53b61748fa3fd9f33a0d2b6d5e028e5
- SSDEEP
  
  6291456:lnV+k6bAnEDrT9MJVeTJ3JkUnU1GFc9EuyiWBlMU6cgnnE:lnVesnEj9MJkTDNnkk7uWrR56E
Score

10^/10

discovery persistence vidar stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoverypersistence

behavioral2

vidardiscoverypersistencestealer

© 2018-2024

Terms | Privacy