MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc58fda6767d3d05772223f4267075b2dc2a63bc802a6026f3dbc1403e3efa17. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Vidar


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cc58fda6767d3d05772223f4267075b2dc2a63bc802a6026f3dbc1403e3efa17
SHA3-384 hash: 8d87325f504546447e36916bd4c9819dd6446af7766ece792e0e87f18965c66aac978e8e60b6f5f34ad85c7391295786
SHA1 hash: bb7c1d6f01006d4f91deb1366922cf7d4c6c0750
MD5 hash: 16bc6536b2bfda138d28e0be32c0a2c6
humanhash: yankee-beer-sierra-fillet
File name:file
Download: download sample
Signature Vidar
Create hunting rule
File size:355'840 bytes
First seen:2023-12-01 07:08:11 UTC
Last seen:2023-12-01 10:27:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0bd61e688135eda02fcf13008a67a440 (6 x Smoke Loader, 2 x Stealc, 2 x Vidar)
ssdeep 6144:QNU8lR4jSX5fbDkbhmZ00Rkf46siEBjX:SU8Mmuw36PEZ
Threatray 28 similar samples on MalwareBazaar
TLSH T13374074392E17D86EA278B729F2FC6FC771EF6508E497B691228DE1B04B0172D1A3711
TrID 67.1% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
12.2% (.EXE) Win64 Executable (generic) (10523/12/4)
5.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.2% (.EXE) Win32 Executable (generic) (4505/5/1)
2.4% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE):PE icon
dhash icon 00089191982830a4 (1 x Vidar)
Reporter andretavare5
Tags:exe vidar


Avatar
andretavare5
Sample downloaded from http://gons34cl.top/build.exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
346
Origin country :
US US
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/461641/
Gathering data
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Gathering data
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/cc58fda6767d3d05772223f4267075b2dc2a63bc802a6026f3dbc1403e3efa17
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/df7c5636-4335-4376-8a6e-b88168dcbedb
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1351157
Behaviour
Behavior Graph:
n/a
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/cc58fda6767d3d05772223f4267075b2dc2a63bc802a6026f3dbc1403e3efa17
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cc58fda6767d3d05772223f4267075b2dc2a63bc802a6026f3dbc1403e3efa17/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2023-12-01 07:09:04 UTC
File Type:
PE (Exe)
Extracted files:
74
AV detection:
19 of 23 (82.61%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zrmp3jtwpu6qk5zcep2cm4dvwlocuy54qavgajxt3pauapr67ilq._file
Verdict:
malicious
Similar samples:
1b5b2846fe02fa318dd6f82439d4826948cbfc4d7245a8267ac37605bd094885
Vidar
33b04a8d7bc2da4d5e00ce9acd0e5755daf961f1a8574ef84ba3d58761127d6a
Vidar
347d793c12fd82dc8e0841d24d2f8cb9743534bd0f156b302b5cb7b07bb5d319
Vidar
465bec204932baa110e7344f725d7a9acd5c1a599927e6a3a080aa31dc18101f
Vidar
8a59a0e9b326966e4fb7353078bf82b765df754e575a3bfe3bb44220ffb41116
Vidar
cc58fda6767d3d05772223f4267075b2dc2a63bc802a6026f3dbc1403e3efa17
Vidar
+ 18 additional samples on MalwareBazaar
Result
Malware family:
vidar
Create hunting rule
Score:
  10/10
Tags:
family:vidar botnet:52d67d34ad338b1aab9d89c0da5a59b1 stealer
Link:
https://tria.ge/reports/231201-hyfe7sfg69/
Behaviour
Modifies system certificate store
Program crash
Vidar
Malware Config
C2 Extraction:
https://t.me/s4p0g
https://steamcommunity.com/profiles/76561199575355834
Unpacked files
SH256 hash:
0eb80c05ac737a24895a2aa7cc90efcc0d35b2e69dde344456777905927f48b7
MD5 hash:
8b6e28563af97951eef7a77160ebd85d
SHA1 hash:
da17ace60230151a19380c8d901e86282edd8988
Detections:
INDICATOR_SUSPICIOUS_EXE_SandboxHookingDLL
Create hunting rule
Link:
https://www.unpac.me/results/f1c4540a-3f0f-4bd1-8bef-98c3b11658a2/
Parent samples :
cc58fda6767d3d05772223f4267075b2dc2a63bc802a6026f3dbc1403e3efa17
c2c5d319bc5fe424a8ea42a8626dd6b93b27f1a23aa45611df09ecf55dfa1dfa
SH256 hash:
cc58fda6767d3d05772223f4267075b2dc2a63bc802a6026f3dbc1403e3efa17
MD5 hash:
16bc6536b2bfda138d28e0be32c0a2c6
SHA1 hash:
bb7c1d6f01006d4f91deb1366922cf7d4c6c0750
Link:
https://www.unpac.me/results/f1c4540a-3f0f-4bd1-8bef-98c3b11658a2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cc58fda6767d3d05772223f4267075b2dc2a63bc802a6026f3dbc1403e3efa17

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/461641/
  
URLhaus
https://urlhaus.abuse.ch/url/2735078/
  
URLhaus
https://urlhaus.abuse.ch/url/2736390/

Comments