vidar | 19a3a44ac2a76785aebf3423b12609823096728f9147a7bd73343a1e07f603d2 | Triage

Analysis

max time kernel
4294201s
max time network
145s
platform
windows7_x64
resource
win7-20220311-en
submitted
13-03-2022 01:19

Sharing

Report Analysis Logs

General

Target

00d6f31d90383a9476740df502edfc98b5487307b171f3b5ea3aa2f24770a653.exe
Size

612KB
MD5

73436d25c84169541b65e0918915e9b1
SHA1

172ff84dcf78e107491b41571633706f2769fc89
SHA256

00d6f31d90383a9476740df502edfc98b5487307b171f3b5ea3aa2f24770a653
SHA512

1cdada9ebc78d35c9a3abd46c822ba99a069388130c3d9e120d87d757991bc6b23222a920e5bb7695190bbed2a7c3855b71b4f7b21aaf7a3101a30c46433adcb

Score

10^/10

vidar 565 stealer

Malware Config

Extracted

Family

vidar

Version

50.4

Botnet

565

C2

https://mastodon.online/@samsa11

https://koyu.space/@samsa2l

Attributes

profile_id
565

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

Vidar Stealer 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1968-56-0x0000000000310000-0x00000000003BC000-memory.dmp	family_vidar
behavioral1/memory/1968-57-0x0000000000400000-0x00000000006B2000-memory.dmp	family_vidar

C:\Users\Admin\AppData\Local\Temp\00d6f31d90383a9476740df502edfc98b5487307b171f3b5ea3aa2f24770a653.exe
"C:\Users\Admin\AppData\Local\Temp\00d6f31d90383a9476740df502edfc98b5487307b171f3b5ea3aa2f24770a653.exe"
1⤵
PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1968-54-0x0000000075081000-0x0000000075083000-memory.dmp

Filesize
8KB

Download
memory/1968-55-0x00000000002A0000-0x000000000030B000-memory.dmp

Filesize
428KB

Download
memory/1968-56-0x0000000000310000-0x00000000003BC000-memory.dmp

Filesize
688KB

Download
memory/1968-57-0x0000000000400000-0x00000000006B2000-memory.dmp

Filesize
2.7MB

Download