vidar | b4a04a1bf82bd3acb278fd1f1a3216686e465c574bc63a410192c40dec12e2d3 | Triage

Submit
Reports

Overview

overview

Static

static

3

b4a04a1bf8...3N.exe

windows7-x64

b4a04a1bf8...3N.exe

windows10-2004-x64

Sharing

General

Target

b4a04a1bf82bd3acb278fd1f1a3216686e465c574bc63a410192c40dec12e2d3N
Size

571KB
Sample

241010-erznqasfrn
MD5

04c2c7a717122dc38042383ec0012100
SHA1

2a6791c8fa407043834e850e96a5b911fd0c4363
SHA256

b4a04a1bf82bd3acb278fd1f1a3216686e465c574bc63a410192c40dec12e2d3
SHA512

e23162c851cb99c37c7595accc8d2f9a7fbd5c08349b081f4d0d3035488ad41e9108c2f195ac58ace941f7d1c36f19f06219a31718dabbea6a7eaa8b14b804f1
SSDEEP

12288:+Lg1ZnYljso4nhYWdMAhUe3kFKwWbdYGzIfP2d9jU4S:+wnYInOWKtehhZY8wqX

Score

10^/10

vidar c0c7c802c4ec94ab4c7fcd88c588698c credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b4a04a1bf82bd3acb278fd1f1a3216686e465c574bc63a410192c40dec12e2d3N.exe

Resource

win7-20240903-en

vidar c0c7c802c4ec94ab4c7fcd88c588698c credential_access discovery spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

b4a04a1bf82bd3acb278fd1f1a3216686e465c574bc63a410192c40dec12e2d3N.exe

Resource

win10v2004-20241007-en

vidar c0c7c802c4ec94ab4c7fcd88c588698c credential_access discovery spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Botnet

c0c7c802c4ec94ab4c7fcd88c588698c

C2

https://t.me/maslengdsa

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  b4a04a1bf82bd3acb278fd1f1a3216686e465c574bc63a410192c40dec12e2d3N
- Size
  
  571KB
- MD5
  
  04c2c7a717122dc38042383ec0012100
- SHA1
  
  2a6791c8fa407043834e850e96a5b911fd0c4363
- SHA256
  
  b4a04a1bf82bd3acb278fd1f1a3216686e465c574bc63a410192c40dec12e2d3
- SHA512
  
  e23162c851cb99c37c7595accc8d2f9a7fbd5c08349b081f4d0d3035488ad41e9108c2f195ac58ace941f7d1c36f19f06219a31718dabbea6a7eaa8b14b804f1
- SSDEEP
  
  12288:+Lg1ZnYljso4nhYWdMAhUe3kFKwWbdYGzIfP2d9jU4S:+wnYInOWKtehhZY8wqX
Score

10^/10

vidar c0c7c802c4ec94ab4c7fcd88c588698c credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarc0c7c802c4ec94ab4c7fcd88c588698ccredential_accessdiscoveryspywarestealer

behavioral2

vidarc0c7c802c4ec94ab4c7fcd88c588698ccredential_accessdiscoveryspywarestealer

© 2018-2024

Terms | Privacy