Microsoft Windows 11 help Files have Vidar Spyware | Zscaler
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 5d8b1867-3b62-40cc-970d-7ffbcb36c203 |
| Fingerprint | ac240d178a1e26c2 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | May 19, 2022, midnight |
| Added to db | Sept. 11, 2022, 12:43 p.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Vidar distributed through backdoored Windows 11 downloads and abusing Telegram |
| Title | Microsoft Windows 11 help Files have Vidar Spyware | Zscaler |
| Detected Hints/Tags/Attributes | 0/0/53 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | ieji.de |
|
| Details | Domain | 22 | update.zip |
|
| Details | Domain | 2 | koyu.space |
|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 1 | ms-win11.com |
|
| Details | Domain | 1 | ms-win11.midlandscancer.com |
|
| Details | Domain | 1 | win11-serv4.com |
|
| Details | Domain | 1 | win11-serv.com |
|
| Details | Domain | 1 | win11install.com |
|
| Details | Domain | 1 | ms-teams-app.net |
|
| Details | Domain | 1 | files.getsnyper.com |
|
| Details | Domain | 5 | api.faceit.com |
|
| Details | File | 24 | update.zip |
|
| Details | File | 44 | freebl3.dll |
|
| Details | File | 51 | mozglue.dll |
|
| Details | File | 51 | msvcp140.dll |
|
| Details | File | 71 | nss3.dll |
|
| Details | File | 41 | softokn3.dll |
|
| Details | File | 104 | sqlite3.dll |
|
| Details | File | 69 | vcruntime140.dll |
|
| Details | File | 1 | setup.iso |
|
| Details | File | 13 | conf.json |
|
| Details | File | 7 | window-state.json |
|
| Details | File | 21 | exodus.wallet |
|
| Details | File | 9 | passphrase.json |
|
| Details | File | 6 | multidoge.wallet |
|
| Details | File | 3 | 000003.log |
|
| Details | File | 7 | app-store.json |
|
| Details | File | 1 | c:\\programdata\\ .exe |
|
| Details | File | 351 | recycle.bin |
|
| Details | File | 33 | config.msi |
|
| Details | File | 2 | msdownld.tmp |
|
| Details | File | 99 | passwords.txt |
|
| Details | File | 23 | vaultcli.dll |
|
| Details | File | 29 | profiles.ini |
|
| Details | File | 24 | signons.sql |
|
| Details | File | 64 | logins.json |
|
| Details | File | 1 | c:\\users\\ \\appdata\\roaming\\filezilla\\recentservers.xml |
|
| Details | File | 25 | accounts.xml |
|
| Details | File | 199 | firefox.exe |
|
| Details | File | 4 | plugin-container.exe |
|
| Details | File | 2 | update_notifier.exe |
|
| Details | File | 2 | %s_%s.txt |
|
| Details | File | 3 | ie_cookies.txt |
|
| Details | File | 3 | edge_cookies.txt |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 76 | gdi32.dll |
|
| Details | File | 86 | ole32.dll |
|
| Details | File | 291 | user32.dll |
|
| Details | File | 34 | psapi.dll |
|
| Details | File | 52 | bcrypt.dll |
|
| Details | File | 83 | crypt32.dll |
|
| Details | File | 2 | c:\\programdata\\nss3.dll |