vidar

Sharing

Copy URL

Twitter E-mail

General

Target

TradingView_Expert.zip
Size

8.0MB
Sample

240910-qmg4navhpm
MD5

14e65ed872eb85758d91d6d46aa1e00c
SHA1

12dff687648562a20662a0a9d6c0e96895f8c9f2
SHA256

ae9a5f6da619196a2aa74a10bc5994aa6d97e5713d4c6ba5d2c42abac4ab8d1d
SHA512

d5ca90b6b07fa8a0401054e21d17d907f6a2b6f0b2502b309e586b02f70897768b78ee852708fcd74ac50621b4afc4e7d8caf2ef929017a460d1c97a42da6f2c
SSDEEP

196608:jz2nqv9f6WMAv1XzAQExhOL8x0/MjqmnPv7PbtmsKGT7/OUzgX8/:Cq1yrgNcgMnPvbxtaUEO

Score

10^/10

Malware Config

Targets

- Target
  
  TradingView_Expert.zip
- Size
  
  8.0MB
- MD5
  
  14e65ed872eb85758d91d6d46aa1e00c
- SHA1
  
  12dff687648562a20662a0a9d6c0e96895f8c9f2
- SHA256
  
  ae9a5f6da619196a2aa74a10bc5994aa6d97e5713d4c6ba5d2c42abac4ab8d1d
- SHA512
  
  d5ca90b6b07fa8a0401054e21d17d907f6a2b6f0b2502b309e586b02f70897768b78ee852708fcd74ac50621b4afc4e7d8caf2ef929017a460d1c97a42da6f2c
- SSDEEP
  
  196608:jz2nqv9f6WMAv1XzAQExhOL8x0/MjqmnPv7PbtmsKGT7/OUzgX8/:Cq1yrgNcgMnPvbxtaUEO
Score

1^/10
behavioral1 behavioral2
- Target
  
  KeyFile/1033/sharedmanagementobjects_keyfile.dll
- Size
  
  23KB
- MD5
  
  5e54cb9759d1a9416f51ac1e759bbccf
- SHA1
  
  1a033a7aae7c294967b1baba0b1e6673d4eeefc6
- SHA256
  
  f7e5cae32e2ec2c35346954bfb0b7352f9a697c08586e52494a71ef00e40d948
- SHA512
  
  32dcca4432ec0d2a8ad35fe555f201fef828b2f467a2b95417b42ff5b5149aee39d626d244bc295dca8a00cd81ef33a20f9e681dd47eb6ee47932d5d8dd2c664
- SSDEEP
  
  384:84k5u5z7PVXPWNgWJwzzvhPapBjTeajCxnvZTawclHMrm:84Rz7diEzvGArnhax+m
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  KeyFile/1033/sqlsysclrtypes_keyfile.dll
- Size
  
  23KB
- MD5
  
  5e54cb9759d1a9416f51ac1e759bbccf
- SHA1
  
  1a033a7aae7c294967b1baba0b1e6673d4eeefc6
- SHA256
  
  f7e5cae32e2ec2c35346954bfb0b7352f9a697c08586e52494a71ef00e40d948
- SHA512
  
  32dcca4432ec0d2a8ad35fe555f201fef828b2f467a2b95417b42ff5b5149aee39d626d244bc295dca8a00cd81ef33a20f9e681dd47eb6ee47932d5d8dd2c664
- SSDEEP
  
  384:84k5u5z7PVXPWNgWJwzzvhPapBjTeajCxnvZTawclHMrm:84Rz7diEzvGArnhax+m
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  KeyFile/1049/sharedmanagementobjects_keyfile.dll
- Size
  
  23KB
- MD5
  
  5e54cb9759d1a9416f51ac1e759bbccf
- SHA1
  
  1a033a7aae7c294967b1baba0b1e6673d4eeefc6
- SHA256
  
  f7e5cae32e2ec2c35346954bfb0b7352f9a697c08586e52494a71ef00e40d948
- SHA512
  
  32dcca4432ec0d2a8ad35fe555f201fef828b2f467a2b95417b42ff5b5149aee39d626d244bc295dca8a00cd81ef33a20f9e681dd47eb6ee47932d5d8dd2c664
- SSDEEP
  
  384:84k5u5z7PVXPWNgWJwzzvhPapBjTeajCxnvZTawclHMrm:84Rz7diEzvGArnhax+m
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  KeyFile/1049/sqlsysclrtypes_keyfile.dll
- Size
  
  23KB
- MD5
  
  5e54cb9759d1a9416f51ac1e759bbccf
- SHA1
  
  1a033a7aae7c294967b1baba0b1e6673d4eeefc6
- SHA256
  
  f7e5cae32e2ec2c35346954bfb0b7352f9a697c08586e52494a71ef00e40d948
- SHA512
  
  32dcca4432ec0d2a8ad35fe555f201fef828b2f467a2b95417b42ff5b5149aee39d626d244bc295dca8a00cd81ef33a20f9e681dd47eb6ee47932d5d8dd2c664
- SSDEEP
  
  384:84k5u5z7PVXPWNgWJwzzvhPapBjTeajCxnvZTawclHMrm:84Rz7diEzvGArnhax+m
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  SDK/100/KeyFile/1033/sqlsysclrtypes_keyfile.dll
- Size
  
  13KB
- MD5
  
  166a4eb063fbff4d85b7647b9b3819b0
- SHA1
  
  1738ea07615836656f9d5579e1de65a1a9fa6ca4
- SHA256
  
  c51a51d4e3734765d1352dbf09511e49a2773b3d6bd9a704ee664fb8e3059e42
- SHA512
  
  d178a00dd133698bc04c9d641c4c77cd6547c05e2fb4b81d9b86db53b12ee49def2496360eee2d8b84c7461adc1db8cc0f1632d6bd8938957fb34880e8df992f
- SSDEEP
  
  192:eezaYKTBCxaMQk3X7rrqYPWhRmWQRFGQKPnEtObMacxc8hjeyveC3cgYBv:euKT4wMdrrxPWhgWQKLXci2jpvqBv
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  SDK/100/KeyFile/1049/sqlsysclrtypes_keyfile.dll
- Size
  
  13KB
- MD5
  
  166a4eb063fbff4d85b7647b9b3819b0
- SHA1
  
  1738ea07615836656f9d5579e1de65a1a9fa6ca4
- SHA256
  
  c51a51d4e3734765d1352dbf09511e49a2773b3d6bd9a704ee664fb8e3059e42
- SHA512
  
  d178a00dd133698bc04c9d641c4c77cd6547c05e2fb4b81d9b86db53b12ee49def2496360eee2d8b84c7461adc1db8cc0f1632d6bd8938957fb34880e8df992f
- SSDEEP
  
  192:eezaYKTBCxaMQk3X7rrqYPWhRmWQRFGQKPnEtObMacxc8hjeyveC3cgYBv:euKT4wMdrrxPWhgWQKLXci2jpvqBv
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  SDK/100/SDK/Assemblies/Microsoft.SqlServer.Types.dll
- Size
  
  303KB
- MD5
  
  e3f6937bbc9f71fe87a931adfb92cecf
- SHA1
  
  91d3f257a6bbfbf8c50843011db6ce6535d998bf
- SHA256
  
  e272e45652092622db856dca4e840389be109abcaefd1f376b0043b450a801f5
- SHA512
  
  0d535416d4e3c485a4d133a23270c31d4e0e9f6e59a53c34fbaf0475dce0dc1004d329d3d7d58bb5c6a8f2b4b189932fdb90ce1294aa1d5ffb9c285711882210
- SSDEEP
  
  3072:X9ZHG6aeJrHhGKyoE8GoPxjdBiFaAGWjvGiPP2EpPZHqjm1Dkkr0v9o3:X9NbaeJrHhGKyoE86/KZ8
Score

1^/10
behavioral15 behavioral16
- Target
  
  SDK/100/SDK/Assemblies/ru/Microsoft.SqlServer.Types.Resources.dll
- Size
  
  41KB
- MD5
  
  92ba39e66c3d5894a23b110da092bbc0
- SHA1
  
  3c25e7140e6a59bf4af205c7ccaf7fe5907326e4
- SHA256
  
  69841056dc8d96096196fb08c79cf7d3b9d4659b5e7e64d13e47fc3c403e3f3f
- SHA512
  
  7055ada1eeeb954e5770fce83469ecddd2c9bc2aaae05887ea899042ad22b2513550de20242f5af25cd2338093e085a2d2da4682363a37834b83c01294348177
- SSDEEP
  
  384:9iua0XKriuQVqDvOo/dHoqWZLXci2jpvMUqR:9ium7QQDvPahMi2jpvGR
Score

1^/10
behavioral17 behavioral18
- Target
  
  SDK/Include/sqlncli.h
- Size
  
  171KB
- MD5
  
  e18728306ff50e10128b78b1996c8fec
- SHA1
  
  b1213ebd3c35ebc9c364e06ca9daa05a1f1a660a
- SHA256
  
  c456a690db999e90100b20ba464ba06670310fc16959553cd6991ff411387b67
- SHA512
  
  8016b045ca325b2f05417a398e4ed0262bc5dc162377f2adaa33df02101f177bfa1aeee08972b3b6fe01b475c5190f1d739e6942ff06c5e6296459fc7ab8596f
- SSDEEP
  
  3072:rnBb6ds1q3r33ozc3FRHKf5Ba/T7vQW7aoC2nHBZpioWAmiA/8Op:rnBb6ds1q3jjT7vQW7aoC2nHDpioWA9+
Score

3^/10
behavioral19 behavioral20
- Target
  
  SDK/Lib/x64/sqlncli11.lib
- Size
  
  6KB
- MD5
  
  8af8f618a6b6063d18ef5dd016b5a08b
- SHA1
  
  1c95ba05a02294d0945b0d88b378100442ad7330
- SHA256
  
  ae6cef1c8164775bef8202c367e45c69f09b92b86d04876f45f7befc4196e4e8
- SHA512
  
  abf4b25e3b071d1c8490c81181b7f7a4c341f41348c5230548ceddd3749a70170877594c37ffb2185105e7352ccba7ce3dc1b89eb71ceda73534bc57a0e3ea9d
- SSDEEP
  
  96:Qgf+2NI0QpsyHx2FbdpXZEKf+EK1KfKyeuj3FTk/Yx:QgWH0QpsyMbjXZEKWEzj3FTk/Yx
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  SDK/Lib/x86/sqlncli11.lib
- Size
  
  6KB
- MD5
  
  1fa6ee9c2e84b4a46127df1af4c09b7d
- SHA1
  
  62fbf0018de9bffab8e0eb4fe297f0a76b8a12f0
- SHA256
  
  ff52761730b58b81857dfe330bb240b90e948910025d92eb3369eae3af18f8fa
- SHA512
  
  0919e58ffd5df98bc801044e03cca67878924b45f2bec0a20219de08afe969d591af77ff678343d4889f62ec64c2b74c2f627bd4be670fa0df24ceda9937f789
- SSDEEP
  
  96:VVZzw5mOqjLw/Qv/MSasj2A5wA7ZYKVKCKL5q4N1R5zxnV:XZaqjLw/PSasj2UZGN1R5zxnV
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  TradingView Expert.exe
- Size
  
  15.5MB
- MD5
  
  4bb73ebd8c40e0a6c8385730da4ba289
- SHA1
  
  718ae4625c5614d45ee3684026b49d4add254b21
- SHA256
  
  83d7c2b437a5cbb314c457d3b7737305dadb2bc02d6562a98a8a8994061fe929
- SHA512
  
  51874f61067bfbf4e8f3c9b5e74a6ef570085d995bfd206f466c2b36ba01f829571b64ac7ee0679a5c17ccc003683edf997d7316fc403ca39544d7078ab543e2
- SSDEEP
  
  196608:r+MRbl6AmViFEHRQDQtCFuqmd5fJjpPYW0Gv5f02b7:r+m0AmEe5flxpo2b7
Score

10^/10

vidar credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral25 behavioral26
- Target
  
  geo.dat
- Size
  
  1.4MB
- MD5
  
  79423daa2bf4f352b7b18dde5e4accad
- SHA1
  
  f5824f30f3b78bd6a15b64ce0c2fb4530e813604
- SHA256
  
  e8da9867f215b070f5a2d184aa6473279b06c06c8c8c7d9610548a3bc501cbfa
- SHA512
  
  57d1e9824a16f7fb7ddd2f4bbd7228e5604c1d63db42e139fa1f76dd028059e2cf8f29ce6dbdf2caeef0f8c2ed2cb6c541caa2e18d837c63238badd87d9b6974
- SSDEEP
  
  12288:ciC4DiSOyLPHQvXtEfeI+QJ0YAYP8ocIzpyO/HUrBsyQJ0YAYP8c6gQwzDyOKTyB:Q0Z55/DlUYn
Score

3^/10

discovery
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect Vidar Stealer

Credentials from Password Stores: Credentials from Web Browsers

Checks computer location settings

Deletes itself

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Unsecured Credentials: Credentials In Files

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28