MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f70770156516548bed55e29b19f1dc0a5ef6409a77e3b3e784c08ff86539022. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	8f70770156516548bed55e29b19f1dc0a5ef6409a77e3b3e784c08ff86539022
SHA3-384 hash:	28890f66fe3c6b5e55b888a027dafbbb769a1ec32c0f442414c7dff559a910a13f829b719d81f8df6e52074b0d2cd6e3
SHA1 hash:	2ebb4a508116d2b9c92a8acd59f8f5fa4475cb58
MD5 hash:	fd2f07014182ca8bb18ca2925bd3199e
humanhash:	oklahoma-violet-xray-one
File name:	SecuriteInfo.com.Variant.Razy.654349.25703.22875
Download:	download sample
File size:	2'936'832 bytes
First seen:	2020-05-04 14:43:12 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	9d6b988ee2ff900bb46f7b1ad8162182 (3 x ArkeiStealer)
ssdeep	49152:bj2+F9jscGEv0/NS4fUGhyiBJ28H7kdeCzrR4gEWPnu5+5l4mQvTUe:bj2+FxscGmgS4vcq3H7kddPWkoalkvTH
Threatray	1'032 similar samples on MalwareBazaar
TLSH	14D533973D23DE57E40EBE32A227908B8564342532BEC5657F0DBF3E241AA1C267C674
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

1

# of downloads :

88

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Variant.Razy.654349.25703.22875.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Chapak

Status:

Malicious

First seen:

2020-05-04 12:48:41 UTC

File Type:

PE (Exe)

AV detection:

27 of 31 (87.10%)

Threat level:

2/5

Verdict:

malicious

Similar samples:

276ff250495d6b475c84a26dce4faa535f976780fdfc69cc0dc831dba3451a5c

389875d4c35ff8da276f122cb6b4ebd1b1d65ce5da5c05defefaf40c2609dbaf

433811102726bc15416ca338a2df55ec1daaf3f2565ee00d7f6484064746fb30

610ef8befe605dd4ba3277c221c25932ffd6e1b939728da70ebd0d1b96fddaa4

7a445143a652f58fa4abc4957269aea8f884f71e7f4654b56385491eb544b0a5

7c2bcbc90aad473e93b52051f11b1c1d8f3d9436b7d95b49e1ca4c7c835b0115

9b2ad325e0cda26d0cd3769bea307050581d5c38d40d1281ff7e6b56420369cd

b56f704d8baea24179931e0f4efe389e4fb6175c7fb83c49d31aac5ab1e00a03

daac1aafd4f0f7b1e1e0112e913285543d73179216bc42cdf67036dae67955f0

e9e9a0314ec1302997e3382807436f43a70e0dc2c165aafa6b5b8f3856d04d0d

+ 1'022 additional samples on MalwareBazaar

Result

Malware family:

vidar

Score:

10/10

Tags:

family:vidar discovery evasion spyware stealer trojan

Link:

https://tria.ge/reports/201109-nzlmwk1kdx/

Behaviour

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of NtSetInformationThreadHideFromDebugger

Accesses 2FA software files, possible credential harvesting

Checks installed software on the system

Checks whether UAC is enabled

Looks up external IP address via web service

Checks BIOS information in registry

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Vidar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 8f70770156516548bed55e29b19f1dc0a5ef6409a77e3b3e784c08ff86539022

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/356823/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample