vidar

Sharing

Copy URL

Twitter E-mail

General

Target

TradingViewExpert.zip
Size

8.0MB
Sample

240910-tvkrasthkb
MD5

14e65ed872eb85758d91d6d46aa1e00c
SHA1

12dff687648562a20662a0a9d6c0e96895f8c9f2
SHA256

ae9a5f6da619196a2aa74a10bc5994aa6d97e5713d4c6ba5d2c42abac4ab8d1d
SHA512

d5ca90b6b07fa8a0401054e21d17d907f6a2b6f0b2502b309e586b02f70897768b78ee852708fcd74ac50621b4afc4e7d8caf2ef929017a460d1c97a42da6f2c
SSDEEP

196608:jz2nqv9f6WMAv1XzAQExhOL8x0/MjqmnPv7PbtmsKGT7/OUzgX8/:Cq1yrgNcgMnPvbxtaUEO

Score

10^/10

Malware Config

Targets

- Target
  
  KeyFile/1033/sharedmanagementobjects_keyfile.dll
- Size
  
  23KB
- MD5
  
  5e54cb9759d1a9416f51ac1e759bbccf
- SHA1
  
  1a033a7aae7c294967b1baba0b1e6673d4eeefc6
- SHA256
  
  f7e5cae32e2ec2c35346954bfb0b7352f9a697c08586e52494a71ef00e40d948
- SHA512
  
  32dcca4432ec0d2a8ad35fe555f201fef828b2f467a2b95417b42ff5b5149aee39d626d244bc295dca8a00cd81ef33a20f9e681dd47eb6ee47932d5d8dd2c664
- SSDEEP
  
  384:84k5u5z7PVXPWNgWJwzzvhPapBjTeajCxnvZTawclHMrm:84Rz7diEzvGArnhax+m
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  KeyFile/1033/sqlsysclrtypes_keyfile.dll
- Size
  
  23KB
- MD5
  
  5e54cb9759d1a9416f51ac1e759bbccf
- SHA1
  
  1a033a7aae7c294967b1baba0b1e6673d4eeefc6
- SHA256
  
  f7e5cae32e2ec2c35346954bfb0b7352f9a697c08586e52494a71ef00e40d948
- SHA512
  
  32dcca4432ec0d2a8ad35fe555f201fef828b2f467a2b95417b42ff5b5149aee39d626d244bc295dca8a00cd81ef33a20f9e681dd47eb6ee47932d5d8dd2c664
- SSDEEP
  
  384:84k5u5z7PVXPWNgWJwzzvhPapBjTeajCxnvZTawclHMrm:84Rz7diEzvGArnhax+m
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  KeyFile/1049/sharedmanagementobjects_keyfile.dll
- Size
  
  23KB
- MD5
  
  5e54cb9759d1a9416f51ac1e759bbccf
- SHA1
  
  1a033a7aae7c294967b1baba0b1e6673d4eeefc6
- SHA256
  
  f7e5cae32e2ec2c35346954bfb0b7352f9a697c08586e52494a71ef00e40d948
- SHA512
  
  32dcca4432ec0d2a8ad35fe555f201fef828b2f467a2b95417b42ff5b5149aee39d626d244bc295dca8a00cd81ef33a20f9e681dd47eb6ee47932d5d8dd2c664
- SSDEEP
  
  384:84k5u5z7PVXPWNgWJwzzvhPapBjTeajCxnvZTawclHMrm:84Rz7diEzvGArnhax+m
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  KeyFile/1049/sqlsysclrtypes_keyfile.dll
- Size
  
  23KB
- MD5
  
  5e54cb9759d1a9416f51ac1e759bbccf
- SHA1
  
  1a033a7aae7c294967b1baba0b1e6673d4eeefc6
- SHA256
  
  f7e5cae32e2ec2c35346954bfb0b7352f9a697c08586e52494a71ef00e40d948
- SHA512
  
  32dcca4432ec0d2a8ad35fe555f201fef828b2f467a2b95417b42ff5b5149aee39d626d244bc295dca8a00cd81ef33a20f9e681dd47eb6ee47932d5d8dd2c664
- SSDEEP
  
  384:84k5u5z7PVXPWNgWJwzzvhPapBjTeajCxnvZTawclHMrm:84Rz7diEzvGArnhax+m
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  SDK/100/KeyFile/1033/sqlsysclrtypes_keyfile.dll
- Size
  
  13KB
- MD5
  
  166a4eb063fbff4d85b7647b9b3819b0
- SHA1
  
  1738ea07615836656f9d5579e1de65a1a9fa6ca4
- SHA256
  
  c51a51d4e3734765d1352dbf09511e49a2773b3d6bd9a704ee664fb8e3059e42
- SHA512
  
  d178a00dd133698bc04c9d641c4c77cd6547c05e2fb4b81d9b86db53b12ee49def2496360eee2d8b84c7461adc1db8cc0f1632d6bd8938957fb34880e8df992f
- SSDEEP
  
  192:eezaYKTBCxaMQk3X7rrqYPWhRmWQRFGQKPnEtObMacxc8hjeyveC3cgYBv:euKT4wMdrrxPWhgWQKLXci2jpvqBv
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  SDK/100/KeyFile/1049/sqlsysclrtypes_keyfile.dll
- Size
  
  13KB
- MD5
  
  166a4eb063fbff4d85b7647b9b3819b0
- SHA1
  
  1738ea07615836656f9d5579e1de65a1a9fa6ca4
- SHA256
  
  c51a51d4e3734765d1352dbf09511e49a2773b3d6bd9a704ee664fb8e3059e42
- SHA512
  
  d178a00dd133698bc04c9d641c4c77cd6547c05e2fb4b81d9b86db53b12ee49def2496360eee2d8b84c7461adc1db8cc0f1632d6bd8938957fb34880e8df992f
- SSDEEP
  
  192:eezaYKTBCxaMQk3X7rrqYPWhRmWQRFGQKPnEtObMacxc8hjeyveC3cgYBv:euKT4wMdrrxPWhgWQKLXci2jpvqBv
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  SDK/100/SDK/Assemblies/Microsoft.SqlServer.Types.dll
- Size
  
  303KB
- MD5
  
  e3f6937bbc9f71fe87a931adfb92cecf
- SHA1
  
  91d3f257a6bbfbf8c50843011db6ce6535d998bf
- SHA256
  
  e272e45652092622db856dca4e840389be109abcaefd1f376b0043b450a801f5
- SHA512
  
  0d535416d4e3c485a4d133a23270c31d4e0e9f6e59a53c34fbaf0475dce0dc1004d329d3d7d58bb5c6a8f2b4b189932fdb90ce1294aa1d5ffb9c285711882210
- SSDEEP
  
  3072:X9ZHG6aeJrHhGKyoE8GoPxjdBiFaAGWjvGiPP2EpPZHqjm1Dkkr0v9o3:X9NbaeJrHhGKyoE86/KZ8
Score

1^/10
behavioral13 behavioral14
- Target
  
  SDK/100/SDK/Assemblies/ru/Microsoft.SqlServer.Types.Resources.dll
- Size
  
  41KB
- MD5
  
  92ba39e66c3d5894a23b110da092bbc0
- SHA1
  
  3c25e7140e6a59bf4af205c7ccaf7fe5907326e4
- SHA256
  
  69841056dc8d96096196fb08c79cf7d3b9d4659b5e7e64d13e47fc3c403e3f3f
- SHA512
  
  7055ada1eeeb954e5770fce83469ecddd2c9bc2aaae05887ea899042ad22b2513550de20242f5af25cd2338093e085a2d2da4682363a37834b83c01294348177
- SSDEEP
  
  384:9iua0XKriuQVqDvOo/dHoqWZLXci2jpvMUqR:9ium7QQDvPahMi2jpvGR
Score

1^/10
behavioral15 behavioral16
- Target
  
  TradingView Expert.exe
- Size
  
  15.5MB
- MD5
  
  4bb73ebd8c40e0a6c8385730da4ba289
- SHA1
  
  718ae4625c5614d45ee3684026b49d4add254b21
- SHA256
  
  83d7c2b437a5cbb314c457d3b7737305dadb2bc02d6562a98a8a8994061fe929
- SHA512
  
  51874f61067bfbf4e8f3c9b5e74a6ef570085d995bfd206f466c2b36ba01f829571b64ac7ee0679a5c17ccc003683edf997d7316fc403ca39544d7078ab543e2
- SSDEEP
  
  196608:r+MRbl6AmViFEHRQDQtCFuqmd5fJjpPYW0Gv5f02b7:r+m0AmEe5flxpo2b7
Score

10^/10

vidar credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect Vidar Stealer

Credentials from Password Stores: Credentials from Web Browsers

Checks computer location settings

Deletes itself

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Unsecured Credentials: Credentials In Files

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18