Description
Vidar is an infostealer based on Arkei stealer.
d5c55582392771d747e99d748d3060c99d329ff826da768c9c0a8b975b739bcb
General
Target
Size
Sample
d5c55582392771d747e99d748d3060c99d329ff826da768c9c0a8b975b739bcb
629KB
220215-ggbv1sbde6
Score
10 /10
MD5
SHA1
SHA256
SHA512
c611ab25cb2f384c7349a90c3706c0a9
3abeb6a762c580a485faff32f3e5d1b1af21bc4d
d5c55582392771d747e99d748d3060c99d329ff826da768c9c0a8b975b739bcb
d483c084e09f70fec9bf309f48692c7fbbcc48afc3f6989e41d3fb99e9ed0e7f5130585a5607dc308fac32fa92e2c09edb143611c6835e7aad560dd06e9f147d
Malware Config
Extracted
| Family | vidar |
| Version | 48.3 |
| Botnet | 937 |
| Attributes |
profile_id 937 |
Targets
Target
MD5
Filesize
d5c55582392771d747e99d748d3060c99d329ff826da768c9c0a8b975b739bcb
c611ab25cb2f384c7349a90c3706c0a9
629KB
Score
10/10
SHA1
SHA256
SHA512
3abeb6a762c580a485faff32f3e5d1b1af21bc4d
d5c55582392771d747e99d748d3060c99d329ff826da768c9c0a8b975b739bcb
d483c084e09f70fec9bf309f48692c7fbbcc48afc3f6989e41d3fb99e9ed0e7f5130585a5607dc308fac32fa92e2c09edb143611c6835e7aad560dd06e9f147d
Tags
Signatures
-
Vidar
-
Vidar Stealer
Tags
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Deletes itself
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Accesses 2FA software files, possible credential harvesting
Tags
TTPs
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks