MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7bf8bc1006158f659f59eaf37f39e10a437503059bbb310ed03d321134b936e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Vidar

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	c7bf8bc1006158f659f59eaf37f39e10a437503059bbb310ed03d321134b936e
SHA3-384 hash:	899837f1bdb269cabb96fe64930d65489360b8ccfeb1d44e79289907c03a5a066dbd90b7e85583fb847b3d0ff50b1ffa
SHA1 hash:	1b47c56c3981687f55b6062550f0d58a1a5a6b8a
MD5 hash:	63bdc86eb2f6c23164968a5e23f5e5f7
humanhash:	yellow-sweet-potato-river
File name:	vidar_unpacked_0823253d24e0958fa20c6e0c4b6b24028a3743c5c895c577421bdde22c585f9f.zip
Download:	download sample
Signature	Vidar Create hunting rule
File size:	158'731 bytes
First seen:	2023-12-04 06:15:34 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
Note:	This file is a password protected archive. The password is: infected
ssdeep	3072:mcylQCMTPaqdHXBCqsxdmQzwdPG73WVFmKQsuuuhGP3Vv+jLLq:M65xEmQ8du7GzIsuQVv+nLq
TLSH	T1C9F31337DA6A9E5F262C905857E0AEC9F5A1F1CEF1A2868F693D22C95F48054332D7C0
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	embee_research
Tags:	vidar zip

Intelligence

File Origin

# of uploads :

# of downloads :

278

Origin country :

File Archive Information

This file is a password protected archive. The password is: infected

This file archive contains 1 file(s), sorted by their relevance:

File name:	0823253d24e0958fa20c6e0c4b6b24028a3743c5c895c577421bdde22c585f9f
File size:	309'760 bytes
SHA256 hash:	0823253d24e0958fa20c6e0c4b6b24028a3743c5c895c577421bdde22c585f9f
MD5 hash:	616f09727b8c0a69fadb2fb580a0b942
MIME type:	application/x-dosexec
Signature	Vidar

Vendor Threat Intelligence

Result

Verdict:

Unknown

File Type:

PE File

Link:

https://app.docguard.net/c7bf8bc1006158f659f59eaf37f39e10a437503059bbb310ed03d321134b936e/results/dashboard

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm control crypto evasive greyware lolbin

Link:

https://www.filescan.io/uploads/656d6ea41abc4cc67cf0d565/reports/6c6d28a4-c71a-4243-964c-e321c57f90ed/overview

Verdict:

Suspicious

Labled as:

Malware

Link:

https://www.hybrid-analysis.com/sample/c7bf8bc1006158f659f59eaf37f39e10a437503059bbb310ed03d321134b936e

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/c7bf8bc1006158f659f59eaf37f39e10a437503059bbb310ed03d321134b936e

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c7bf8bc1006158f659f59eaf37f39e10a437503059bbb310ed03d321134b936e/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=y67yxqiamfmpmwpvt2xtp446ccsdoubqlg53gehnapjsce2lsnxa._file

Result

Malware family:

vidar

Score:

10/10

Tags:

family:vidar botnet:99e0d5086493a95a748eebca81c70094

Link:

https://tria.ge/reports/231204-hjl97she53/

Behaviour

Modifies system certificate store

Malware Config

C2 Extraction:

https://steamcommunity.com/profiles/76561199566884947
https://t.me/octobrains

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c7bf8bc1006158f659f59eaf37f39e10a437503059bbb310ed03d321134b936e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample