vidar | 054986aec67c2880cec42fb6de4a84cfeeb061100adf848896f959d118868990 | Triage

Submit
Reports

Overview

overview

Static

static

1

FileCenter....0.exe

windows10-2004-x64

FileCenter....0.exe

windows11-21h2-x64

6

Sharing

General

Target

FileCenterSetup11 11.0.52.0.exe
Size

286.7MB
Sample

240614-tbnnva1cqn
MD5

ce87e1a9d64dbb0f2f2d684dc80c26aa
SHA1

6c9b96c8cf3c263e0292769d69a4e69cd9ca5c61
SHA256

054986aec67c2880cec42fb6de4a84cfeeb061100adf848896f959d118868990
SHA512

424aa187698437d98dbfbd4fed65783a7519fc8c37298ee23524869e4b1dc9cd65ee668d72bc3bd60afd43a7f99b945308f25930abd9f96704b44b199270baaa
SSDEEP

6291456:aSvHvgXwuxltwtZvZL1AdWtsU2iDFzNVJJz7F/gBNFz4YA3ErzsUZuMDF:aqHWLLS9ZL1AtsF5VvzJ/uFs8zsUZuM

Score

10^/10

vidar discovery persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

FileCenterSetup11 11.0.52.0.exe

Resource

win10v2004-20240611-en

vidar discovery persistence stealer

windows10-2004-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

FileCenterSetup11 11.0.52.0.exe

Resource

win11-20240611-en

discovery persistence

windows11-21h2-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  FileCenterSetup11 11.0.52.0.exe
- Size
  
  286.7MB
- MD5
  
  ce87e1a9d64dbb0f2f2d684dc80c26aa
- SHA1
  
  6c9b96c8cf3c263e0292769d69a4e69cd9ca5c61
- SHA256
  
  054986aec67c2880cec42fb6de4a84cfeeb061100adf848896f959d118868990
- SHA512
  
  424aa187698437d98dbfbd4fed65783a7519fc8c37298ee23524869e4b1dc9cd65ee668d72bc3bd60afd43a7f99b945308f25930abd9f96704b44b199270baaa
- SSDEEP
  
  6291456:aSvHvgXwuxltwtZvZL1AdWtsU2iDFzNVJJz7F/gBNFz4YA3ErzsUZuMDF:aqHWLLS9ZL1AtsF5VvzJ/uFs8zsUZuM
Score

10^/10

vidar discovery persistence stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

vidardiscoverypersistencestealer

behavioral2

discoverypersistence

© 2018-2024

Terms | Privacy