vidar | 8d1b26a938d38b8a975d9adc512dc109af43782bc01acb0ad21528512a8d2b39 | Triage

Submit
Reports

Overview

overview

Static

static

1

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_8d1b26a938d38b8a975d9adc512dc109af43782bc01acb0ad21528512a8d2b39
Size

2.9MB
Sample

241222-dmx4na1ldy
MD5

459c3130ad913a4b309fd778bad0886c
SHA1

c989039a53cee7b2913f38cfee87d5eb6c9e647c
SHA256

8d1b26a938d38b8a975d9adc512dc109af43782bc01acb0ad21528512a8d2b39
SHA512

daaf6c7151bf8fbed4c95dedfe9eabe4b4142c68b4f504ba4262d3cb758a86b101f15a6c4c332290cbf7e6b1284c5b2810d5e9f2a74e4eaf73d8b22803e7a2e7
SSDEEP

49152:MFDpKfdRORH5ie0aYmE1m0mx2JJibRfF1aYxJthDueQHigoVeJJXgrgvjuC1WSJv:CsfdYHIXKCNmaJiP1aYxJtV6Cg2eJJQI

Score

10^/10

vidar 1281 discovery evasion stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20240903-en

vidar 1281 discovery evasion stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20241007-en

vidar 1281 discovery evasion stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

52.2

Botnet

1281

C2

https://t.me/netflixaccsfree

Attributes

profile_id
1281

Targets

- Target
  
  Setup.exe
- Size
  
  397.6MB
- MD5
  
  c011c5bad19774ebf56ec031387998a7
- SHA1
  
  df8a65c3b049e81f5633086ea5f66b8a5b82f435
- SHA256
  
  330aeaaf79d476459e8808ccf795879e94d6892a1610cf4460958e790e0d0b25
- SHA512
  
  3a393844490f399e6d851c9fbd0aa5ab5284ebc5e6cdac7094e7fb88dbed01856c0e777db619437925e6e0d4b5df700a3641b498d8e4df504f862013eab1bdb3
- SSDEEP
  
  49152:tYhJSaBmN9w/QZKRy7bRkBPoyN041j+lav0v1L8EhlV:ehJSJ5cRy7G/1s8OyulV
Score

10^/10

vidar 1281 discovery evasion stealer trojan
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Vidar Stealer
  stealer
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar1281discoveryevasionstealertrojan

behavioral2

vidar1281discoveryevasionstealertrojan

© 2018-2024

Terms | Privacy