vidar | 2524855bcced9b49150501bb4d12e4699d48354003f7ad22d068fefe93f34bf1

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-09-2024 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TradingView Premium Beta_v.2.4.exe
Size

375.0MB
MD5

d9bdbd87fb9087d61e30d831d96aaa05
SHA1

f3f8faaecfe13dcaf436cb6da98aa794f4fef46b
SHA256

21805c67ab453e3a483f64e76e19bd75441022356af7cf13eb936af1617f318a
SHA512

22d18c9427b63f7c327211d673b7ab7489d606f16b0feebffa3121b3b0f533c83cacf2d1aa6751d1acdd784cfd7bcdbbd076cdb9dd3527fd11cb44b1a0b103df
SSDEEP

196608:0AFFtEK4xfkZILW1T81daQHyWQOPVpN2+30eivq:0QtEHxfNW1idaVOPV/Drii

Score

10^/10

vidar 1134 discovery stealer

Malware Config

Extracted

Family

vidar

Version

54.6

Botnet

1134

https://t.me/huobiinside

https://mas.to/@kyriazhs1975

http://79.124.78.206:80

Attributes

profile_id
1134

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TradingView Premium Beta_v.2.4.exe

C:\Users\Admin\AppData\Local\Temp\TradingView Premium Beta_v.2.4.exe
"C:\Users\Admin\AppData\Local\Temp\TradingView Premium Beta_v.2.4.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2672-0-0x0000000000DF0000-0x0000000001A4B000-memory.dmp

Filesize
12.4MB

Download
memory/2672-5-0x0000000000DF0000-0x0000000001A4B000-memory.dmp

Filesize
12.4MB

Download