ioc[.]one - OSINT Cyber Threat Intelligence Database

Deep Analysis of Vidar Stealer

Tags

country:	South Korea Russia United States Of America
attack-pattern:	Data Direct Domains - T1583.001 Domains - T1584.001 Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Screen Capture - T1513 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Screen Capture - T1113 Screen Capture

Show in Graph

Common Information

Type	Value
UUID	c1caea35-e64e-4708-8c02-15f660b4bf76
Fingerprint	a5bcbac4dbb78302
Analysis status	DONE
Considered CTI value	0
Text language
Published	May 23, 2022, 12:24 p.m.
Added to db	Sept. 11, 2022, 12:46 p.m.
Last updated	Nov. 17, 2024, 11:36 p.m.
Headline	Deep Analysis of Vidar Stealer
Title	Deep Analysis of Vidar Stealer
Detected Hints/Tags/Attributes	69/2/45

Source URLs

	Redirection	Url
Details	Source	https://medium.com/s2wlab/deep-analysis-of-vidar-stealer-ebfc3b557aed

URL Provider

Details	Provider	Source level domain
Details	medium.com	medium.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	faceit.com
Details	Domain	5	api.faceit.com
Details	Domain	1175	gmail.com
Details	Domain	2	my-vidar.com
Details	Domain	2	duckclack.com
Details	Domain	1	eeeb5d54-7880-42a7-b542-739bbc26cf4b8568363090.zip
Details	Email	1	kiseleva.veronika.73@gmail.com
Details	Email	1	xeronxik123@gmail.com
Details	File	1	c:\programdata\ normal dll files related to firefox freebl3.dll
Details	File	51	mozglue.dll
Details	File	51	msvcp140.dll
Details	File	71	nss3.dll
Details	File	41	softokn3.dll
Details	File	69	vcruntime140.dll
Details	File	99	passwords.txt
Details	File	45	information.txt
Details	File	10	outlook.txt
Details	File	409	c:\windows\system32\cmd.exe
Details	File	1	c:\users\admin\appdata\roaming\build.exe
Details	File	119	smss.exe
Details	File	165	csrss.exe
Details	File	89	wininit.exe
Details	File	212	winlogon.exe
Details	File	306	services.exe
Details	File	478	lsass.exe
Details	File	31	lsm.exe
Details	File	1122	svchost.exe
Details	File	2	imedictupdate.exe
Details	File	3	srvpost.exe
Details	File	27	searchindexer.exe
Details	File	62	taskhost.exe
Details	File	1	eeeb5d54-7880-42a7-b542-739bbc26cf4b8568363090.zip
Details	IPv4	1	27.0.0.187
Details	Url	1	https://api.faceit.com/core/v1/nicknames
Details	Url	2	https://api.faceit.com/core/v1/nicknames/yetveirrifcu
Details	Url	2	https://api.faceit.com/core/v1/nicknames/tronhack
Details	Url	2	https://api.faceit.com/core/v1/nicknames/slowyen
Details	Url	2	https://api.faceit.com/core/v1/nicknames/sergeevih
Details	Url	2	https://api.faceit.com/core/v1/nicknames/dendytest
Details	Url	2	https://api.faceit.com/core/v1/nicknames/xeronxik123
Details	Url	2	https://api.faceit.com/core/v1/nicknames/vyh62lapin
Details	Url	2	https://api.faceit.com/core/v1/nicknames/sslamlssa
Details	Url	2	https://api.faceit.com/core/v1/nicknames/ramilgame
Details	Url	2	https://api.faceit.com/core/v1/nicknames/legomind
Details	Url	2	https://api.faceit.com/core/v1/nicknames/pavel23puef