MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a37d879c1e587691bcafff703c0cdcbcb95458c10dd055c8a82f826383bb6e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Vidar

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	0a37d879c1e587691bcafff703c0cdcbcb95458c10dd055c8a82f826383bb6e6
SHA3-384 hash:	4f4ed1ea9203654257b0254ae2e9ca0161302201cc2e9f21f509756960b580c5046ee724cd4eee31fa13c83b75e29266
SHA1 hash:	576b446b7290e9a4928a9441c39f322fa7922dd4
MD5 hash:	292b9294d53d5e67ddf65ff49123983f
humanhash:	green-burger-alaska-maryland
File name:	photo_01-09-2023.7z
Download:	download sample
Signature	Vidar Create hunting rule
File size:	347'831 bytes
First seen:	2023-09-26 05:10:08 UTC
Last seen:	Never
File type:	7z
MIME type:	application/x-7z-compressed
ssdeep	6144:L1ge9rf75vYXdET7Jp4l/TuPyv0GuasqryWq2hN/SL2:L2etFAXm7Jml/SKvPqMyW7N/u2
TLSH	T1A4741C5FE8026F45C335D4AB1ECE99343C9B02BF5E92AF13756678939FC098AB02541B
TrID	57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1) 42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Reporter	JAMESWT_WT
Tags:	7z bookinggoogledrive file-pumped nopiya155-gmail.com vidar

Intelligence

File Origin

# of uploads :

# of downloads :

127

Origin country :

File Archive Information

This file archive contains 7 file(s), sorted by their relevance:

File name:	151
File size:	104 bytes
SHA256 hash:	d715bb352d5e966a8d2016ea19c73597588b3be4ed9abb3d9648d83d8c14ba86
MD5 hash:	a88604d6d80cbe551d34f406c9bfef13
MIME type:	application/octet-stream
Signature	Vidar

File name:	string.txt
File size:	6'040 bytes
SHA256 hash:	dc9efeb8fd5c79d286a8d35240521d7c6a58a7bcf4ae4bece982cac179e67034
MD5 hash:	07cbe788d8290e645e31b4445f89b263
MIME type:	application/octet-stream
Signature	Vidar

File name:	photo_01-09-2023.scr
Pumped file	This file is pumped. MalwareBazaar has de-pumped it.
File size:	681'908'768 bytes
SHA256 hash:	5bcf8daae2ea3c16457c44935e7332a66c3273e1b55e2219140c0582b317549c
MD5 hash:	157caf3fa653b346e9fe55400afd0410
De-pumped file size:	326'144 bytes (Vs. original size of 681'908'768 bytes)
De-pumped SHA256 hash:	98dad0014dc73826261db08c8feeed6db7c3acab36201bd5729c25d0c0cf4086
De-pumped MD5 hash:	348191312d211cb5a97acb771a8658f5
MIME type:	application/x-dosexec
Signature	Vidar

File name:	2387
File size:	34 bytes
SHA256 hash:	5b9ceb2f671e0df011cd4971c4c18922b40885cc917a1597a4aed9eb87ec92fd
MD5 hash:	8837d694a8266a17e1147f05f1010fdd
MIME type:	application/octet-stream
Signature	Vidar

File name:	8
File size:	304 bytes
SHA256 hash:	609cf0e1c5d2f8c59ce55228574bd35efef29d9ea018a50a9bc73703d4170006
MD5 hash:	e3d3493a8aadecb9cec77d61dd54db11
MIME type:	image/bmp
Signature	Vidar

File name:	723
File size:	48 bytes
SHA256 hash:	15e894a6fae1044ae45a109c1f6d5c14e502b8b76c0c22caae7d1bdf21dbefef
MD5 hash:	337b759f9a134a4df42165dfaf2b8219
MIME type:	application/octet-stream
Signature	Vidar

File name:	9
File size:	176 bytes
SHA256 hash:	67ceff3facc1ae98c4212a57be34fd73f7ac41d47c65002d6b77f7a3f3d33144
MD5 hash:	16c20d0ed86841e37517f8d83b93e29b
MIME type:	image/bmp
Signature	Vidar

Vendor Threat Intelligence

Verdict:

No Threat

Threat level:

10/10

Confidence:

100%

Tags:

greyware large-file overlay packed

Link:

https://www.filescan.io/uploads/651267e734be449f0119d41d/reports/4a10485d-3721-4e91-b171-25a0cee0ef02/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/0a37d879c1e587691bcafff703c0cdcbcb95458c10dd055c8a82f826383bb6e6

Result

Verdict:

MALICIOUS

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0a37d879c1e587691bcafff703c0cdcbcb95458c10dd055c8a82f826383bb6e6/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bi35q6ob4wdwsg6k773qhqgnzpfzkrmmcdoqkxekql4cmob3w3ta._file

Result

Malware family:

vidar

Score:

10/10

Tags:

family:vidar botnet:c2abfb0e7157a4fe8c1096547c466cbb discovery spyware stealer

Link:

https://tria.ge/reports/230926-mns1rsge2t/

Behaviour

Checks processor information in registry

Delays execution with timeout.exe

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Program crash

Accesses 2FA software files, possible credential harvesting

Checks installed software on the system

Checks computer location settings

Deletes itself

Loads dropped DLL

Reads user/profile data of web browsers

Vidar

Malware Config

C2 Extraction:

https://steamcommunity.com/profiles/76561199555780195
https://t.me/solonichat

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/0a37d879c1e587691bcafff703c0cdcbcb95458c10dd055c8a82f826383bb6e6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample