vidar | 3b275eb3041764efa0c25789652714f73013eba1cca9636d1dd201db733e16c1 | Triage

Sharing

General

Target

f20d8f923ba4065f004bbb79086a8637.exe
Size

608KB
Sample

220908-ptf99sefa2
MD5

f20d8f923ba4065f004bbb79086a8637
SHA1

f43809b21b6e4dc9eba2d4681b2d8fc10384edc3
SHA256

3b275eb3041764efa0c25789652714f73013eba1cca9636d1dd201db733e16c1
SHA512

70bc9ea694a32ef7625ddc33b40d0a0c0c7e149886938304052740ac45d1d547fd8d2a08e085103fe6a9a8b7d165f3364a770e92ab0c8b00235e77e56ef84867
SSDEEP

12288:NFG1MZ0KtvusH5nfVwcCU/gb5uGJ5j/irX7fy29C+A30Fo9srKdMEFqW3QjyVInn:y185ndiU/4J/irX7q2MV0kWYyeJni

Score

10^/10

vidar 1438 spyware stealer

Malware Config

Extracted

Family

vidar

Version

54.2

Botnet

1438

C2

https://t.me/tigogames

https://ioc.exchange/@tiagoa26

Attributes

profile_id
1438

Targets

- Target
  
  f20d8f923ba4065f004bbb79086a8637.exe
- Size
  
  608KB
- MD5
  
  f20d8f923ba4065f004bbb79086a8637
- SHA1
  
  f43809b21b6e4dc9eba2d4681b2d8fc10384edc3
- SHA256
  
  3b275eb3041764efa0c25789652714f73013eba1cca9636d1dd201db733e16c1
- SHA512
  
  70bc9ea694a32ef7625ddc33b40d0a0c0c7e149886938304052740ac45d1d547fd8d2a08e085103fe6a9a8b7d165f3364a770e92ab0c8b00235e77e56ef84867
- SSDEEP
  
  12288:NFG1MZ0KtvusH5nfVwcCU/gb5uGJ5j/irX7fy29C+A30Fo9srKdMEFqW3QjyVInn:y185ndiU/4J/irX7q2MV0kWYyeJni
Score

10^/10

vidar 1438 stealer spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar1438stealer

behavioral2

vidar1438spywarestealer