MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7bf8bc1006158f659f59eaf37f39e10a437503059bbb310ed03d321134b936e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Vidar


Vendor detections: 7



SHA256 hash: c7bf8bc1006158f659f59eaf37f39e10a437503059bbb310ed03d321134b936e
SHA3-384 hash: 899837f1bdb269cabb96fe64930d65489360b8ccfeb1d44e79289907c03a5a066dbd90b7e85583fb847b3d0ff50b1ffa
SHA1 hash: 1b47c56c3981687f55b6062550f0d58a1a5a6b8a
MD5 hash: 63bdc86eb2f6c23164968a5e23f5e5f7
humanhash: yellow-sweet-potato-river
File name: vidar_unpacked_0823253d24e0958fa20c6e0c4b6b24028a3743c5c895c577421bdde22c585f9f.zip
Signature: Vidar
File size: 158'731 bytes
First seen: 2023-12-04 06:15:34 UTC
Last seen: Never
File type: zip
MIME type: application/zip
Note: This file is a password protected archive. The password is: infected
ssdeep: 3072:mcylQCMTPaqdHXBCqsxdmQzwdPG73WVFmKQsuuuhGP3Vv+jLLq:M65xEmQ8du7GzIsuQVv+nLq
TLSH: T1C9F31337DA6A9E5F262C905857E0AEC9F5A1F1CEF1A2868F693D22C95F48054332D7C0
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: embee_research
Tags: vidar zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 278
Origin country: US
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: 0823253d24e0958fa20c6e0c4b6b24028a3743c5c895c577421bdde22c585f9f
File size: 309'760 bytes
SHA256 hash: 0823253d24e0958fa20c6e0c4b6b24028a3743c5c895c577421bdde22c585f9f
MD5 hash: 616f09727b8c0a69fadb2fb580a0b942
MIME type: application/x-dosexec
Signature: Vidar
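The entry above lists two sets of hashes: one for the outer password-protected zip and one for the single PE inside it. The script below is an added example (not MalwareBazaar's tooling and not code from the reporter) that reproduces the triage step an analyst performs on such a download: hash the archive as received, open it with the shared password "infected" from the note above, hash each member without ever executing it, flag members that start with an MZ header (what the listing reports as application/x-dosexec), and compare the observed hashes against the listing. The real sample is not reproduced; the archive is built in memory from a constructed MZ stub, and because the standard library can read but not write ZipCrypto, a small traditional PKWARE encryptor is included only to produce that test archive. The member name "sample.bin", the stub payload and the EXPECTED listing are assumptions for the demonstration.

```python
import hashlib
import io
import struct
import zipfile
import zlib


# --- ZipCrypto (traditional PKWARE) encryption ---------------------------------
# Only needed to build a test archive offline: the stdlib reads ZipCrypto but
# cannot write it. Nothing here reproduces the real MalwareBazaar sample.
def _make_crc_table():
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table


_CRC_TABLE = _make_crc_table()


class _ZipCrypto:
    """Key schedule and keystream of traditional PKWARE zip encryption."""

    def __init__(self, password: bytes):
        self.k = [0x12345678, 0x23456789, 0x34567890]
        for b in password:
            self._update(b)

    def _update(self, b: int) -> None:
        k = self.k
        k[0] = _CRC_TABLE[(k[0] ^ b) & 0xFF] ^ (k[0] >> 8)
        k[1] = (k[1] + (k[0] & 0xFF)) & 0xFFFFFFFF
        k[1] = (k[1] * 134775813 + 1) & 0xFFFFFFFF
        k[2] = _CRC_TABLE[(k[2] ^ (k[1] >> 24)) & 0xFF] ^ (k[2] >> 8)

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for c in data:
            t = (self.k[2] | 2) & 0xFFFF
            out.append(c ^ (((t * (t ^ 1)) >> 8) & 0xFF))
            self._update(c)  # keys advance on the plaintext byte
        return bytes(out)


def build_encrypted_zip(name: str, data: bytes, password: bytes) -> bytes:
    """Assemble a single-member, stored (method 0), ZipCrypto-encrypted archive."""
    crc = zlib.crc32(data) & 0xFFFFFFFF
    # 12-byte encryption header; its last byte must equal the CRC's high byte,
    # which is how readers detect a wrong password before reading the member.
    header = bytes(11) + bytes([(crc >> 24) & 0xFF])
    body = _ZipCrypto(password).encrypt(header + data)
    fname = name.encode("ascii")
    flags, method, mtime, mdate = 0x0001, 0, 12785, 22404  # bit 0 = encrypted
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, method, mtime,
                        mdate, crc, len(body), len(data), len(fname), 0) + fname
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, method,
                          mtime, mdate, crc, len(body), len(data), len(fname),
                          0, 0, 0, 0, 0, 0) + fname
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central),
                       len(local) + len(body), 0)
    return local + body + central + eocd


# --- Triage: hash the archive and its members without executing anything ------
def triage_archive(zip_bytes: bytes, password: bytes) -> dict:
    report = {"outer_sha256": hashlib.sha256(zip_bytes).hexdigest(), "members": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            with zf.open(info, pwd=password) as fh:
                data = fh.read()  # CRC is verified here; garbage raises BadZipFile
            report["members"].append({
                "name": info.filename,
                "encrypted": bool(info.flag_bits & 0x1),
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
                "md5": hashlib.md5(data).hexdigest(),
                "is_pe": data[:2] == b"MZ",  # MZ header, as the x-dosexec MIME type suggests
            })
    return report


def password_works(zip_bytes: bytes, password) -> bool:
    """True if every member opens and passes its CRC check with this password."""
    try:
        triage_archive(zip_bytes, password)
        return True
    except (RuntimeError, zipfile.BadZipFile):  # bad/missing password, or corrupt data
        return False


def matches_listing(report: dict, expected: dict) -> bool:
    """Confirm each member's SHA256 and size match the MalwareBazaar listing."""
    members = {m["name"]: m for m in report["members"]}
    return all(
        n in members and members[n]["sha256"] == e["sha256"] and members[n]["size"] == e["size"]
        for n, e in expected.items()
    )


# Constructed stand-in for the packed PE: an MZ stub plus filler, NOT the real sample.
FAKE_PE = b"MZ" + bytes(range(256)) * 4
ARCHIVE = build_encrypted_zip("sample.bin", FAKE_PE, b"infected")
EXPECTED = {"sample.bin": {"sha256": hashlib.sha256(FAKE_PE).hexdigest(), "size": len(FAKE_PE)}}

if __name__ == "__main__":
    rep = triage_archive(ARCHIVE, b"infected")
    print(rep["outer_sha256"], rep["members"][0]["sha256"], rep["members"][0]["is_pe"])
    print("listing matches:", matches_listing(rep, EXPECTED))
```

For a real download, replace ARCHIVE with the bytes of the zip and EXPECTED with the listing's inner SHA256 and size; the outer SHA256 should match the entry's own SHA256 before anything is opened. Two caveats: archives encrypted with WinZip AES (compression method 99) make the stdlib raise NotImplementedError, so those need pyzipper or 7-Zip instead; and the member is only hashed and header-sniffed here, never written to disk or executed, which is the right boundary for a machine that is not an isolated analysis VM.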
Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-vm control crypto evasive greyware lolbin

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Malware family:
Score: 10/10
Tags: family:vidar botnet:99e0d5086493a95a748eebca81c70094
Behaviour: Modifies system certificate store

Malware Config
C2 Extraction:
https://steamcommunity.com/profiles/76561199566884947
https://t.me/octobrains
Note: Vidar uses public profile pages like these as dead-drop resolvers; the sample reads its actual C2 address from the profile text at runtime, so the URLs above identify the dead drops rather than the final C2 host, which can change without the sample changing.
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments