Overview

overview

10

Static

static

10

d62c196235...ba.exe

windows7-x64

10

d62c196235...ba.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d62c196235c2ff1b64e3ff73b72ebf01abda7bc0bbf247cdcb750c4ab8e917ba.exe

  • Size

    383KB

  • Sample

    241022-wfzysaxckb

  • MD5

    29d5025c7826e4c7fcdf4153a2b480d2

  • SHA1

    81324e6846812811e961b46e362df0a467c8ea6f

  • SHA256

    d62c196235c2ff1b64e3ff73b72ebf01abda7bc0bbf247cdcb750c4ab8e917ba

  • SHA512

    aab1623edaab9bcea8df19fa7070861d867e4aace528b7b7c34a4f24d4d2ca1af0658dab3b80009ee6e006179318a6473b681e44bfd21725fbfb6759d47853e2

  • SSDEEP

    6144:XGO+83+N11n5au8LvOWjTMZG6wn+Y8ekx0wKYHMCsHW+S0ZaaPG:XGOv3+N11n5ALvpjTACn+jek0VYExdZa

Score
10/10
vidar543d9974ea5ff5192bbd07e6548921d7credential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

11.1

Botnet

543d9974ea5ff5192bbd07e6548921d7

C2

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

    • Target

      d62c196235c2ff1b64e3ff73b72ebf01abda7bc0bbf247cdcb750c4ab8e917ba.exe

    • Size

      383KB

    • MD5

      29d5025c7826e4c7fcdf4153a2b480d2

    • SHA1

      81324e6846812811e961b46e362df0a467c8ea6f

    • SHA256

      d62c196235c2ff1b64e3ff73b72ebf01abda7bc0bbf247cdcb750c4ab8e917ba

    • SHA512

      aab1623edaab9bcea8df19fa7070861d867e4aace528b7b7c34a4f24d4d2ca1af0658dab3b80009ee6e006179318a6473b681e44bfd21725fbfb6759d47853e2

    • SSDEEP

      6144:XGO+83+N11n5au8LvOWjTMZG6wn+Y8ekx0wKYHMCsHW+S0ZaaPG:XGOv3+N11n5ALvpjTACn+jek0VYExdZa

    Score
    10/10
    vidar543d9974ea5ff5192bbd07e6548921d7credential_accessdiscoveryspywarestealer

    • Detect Vidar Stealer

      stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks