5cfdfbbd928e7f75439ab753a3ed477e

Target

Size

733KB

Sample

220106-vk87ksbdf7

Score

10 ^/10

MD5

5cfdfbbd928e7f75439ab753a3ed477e

SHA1

79e59a3c5585e8512e7dbed0f427c3112c453e44

SHA256

151b35e77d77973a3386732ec0b8f56e0ec08f63f052c0333fdf0f9185f4baa3

SHA512

dfaea78777aa23f840fcd4cb000ae1f9b04e6d6f471711e2e059c1286e0e2e49ad56f0a81edf0a9f31173be60098e1efdf5df24c3094710a617f122974bff4f1

Extracted

Family	vidar
Version	49.5
Botnet	937
C2	https://qoto.org/@banda4ker https://c.im/@banda3ker https://qoto.org/@banda4ker https://c.im/@banda3ker
Attributes	profile_id 937

Target

5cfdfbbd928e7f75439ab753a3ed477e

MD5

5cfdfbbd928e7f75439ab753a3ed477e

Filesize

733KB

Score

10^/10

SHA1

79e59a3c5585e8512e7dbed0f427c3112c453e44

SHA256

151b35e77d77973a3386732ec0b8f56e0ec08f63f052c0333fdf0f9185f4baa3

SHA512

dfaea78777aa23f840fcd4cb000ae1f9b04e6d6f471711e2e059c1286e0e2e49ad56f0a81edf0a9f31173be60098e1efdf5df24c3094710a617f122974bff4f1

Signatures

Vidar
Description

Vidar is an infostealer based on Arkei stealer.
Tags

stealer vidar
Vidar Stealer
Tags

stealer
Downloads MZ/PE file
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Accesses 2FA software files, possible credential harvesting
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags

spyware

TTPs

Data from Local SystemCredentials in Files
Checks installed software on the system
Description

Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags

discovery

TTPs

Query Registry

Related Tasks

behavioral1 behavioral2

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

vidar 937 discovery spyware stealer

10^/10

behavioral2

vidar 937 discovery spyware stealer

10^/10

Extracted

Tags

Signatures

Vidar

Description

Tags

Vidar Stealer

Tags

Downloads MZ/PE file

Deletes itself

Loads dropped DLL

Reads user/profile data of web browsers

Description

Tags

TTPs

Accesses 2FA software files, possible credential harvesting

Tags

TTPs

Accesses cryptocurrency files/wallets, possible credential harvesting

Tags

TTPs

Checks installed software on the system

Description

Tags

TTPs

Related Tasks

static1

behavioral1

behavioral2