vidar | 9e5c7ec1fd704ef7fa6463ed839875ddc039f276bf8e0f866f228e275b349454 | Triage

Sharing

General

Target

400566d192aca40edf56b858214ed0b9.exe
Size

608KB
Sample

220911-hh292abbc2
MD5

400566d192aca40edf56b858214ed0b9
SHA1

d6acd830e72934b4c8ad6cc8d4dac72f95568182
SHA256

9e5c7ec1fd704ef7fa6463ed839875ddc039f276bf8e0f866f228e275b349454
SHA512

6e1c412c910508f66a920ddd260dcd64b36a4c601a9816ebd7f8d656e43780daaf0da2309ebf3f3e56c82f760697028c43c4c24fd04bf5957ac6b097a26e5a4f
SSDEEP

12288:hQG1oZ0KtvusH5na1AMCkPwLpuWJpF2T4Pmc0jObZxNZXCRNRRS+0fMePJ:z1o5ngCkP4L90jOn6NRRSE6

Score

10^/10

vidar 1438 spyware stealer

Malware Config

Extracted

Family

vidar

Version

54.2

Botnet

1438

C2

https://t.me/tigogames

https://ioc.exchange/@tiagoa26

Attributes

profile_id
1438

Targets

- Target
  
  400566d192aca40edf56b858214ed0b9.exe
- Size
  
  608KB
- MD5
  
  400566d192aca40edf56b858214ed0b9
- SHA1
  
  d6acd830e72934b4c8ad6cc8d4dac72f95568182
- SHA256
  
  9e5c7ec1fd704ef7fa6463ed839875ddc039f276bf8e0f866f228e275b349454
- SHA512
  
  6e1c412c910508f66a920ddd260dcd64b36a4c601a9816ebd7f8d656e43780daaf0da2309ebf3f3e56c82f760697028c43c4c24fd04bf5957ac6b097a26e5a4f
- SSDEEP
  
  12288:hQG1oZ0KtvusH5na1AMCkPwLpuWJpF2T4Pmc0jObZxNZXCRNRRS+0fMePJ:z1o5ngCkP4L90jOn6NRRSE6
Score

10^/10

vidar 1438 stealer spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1438stealer

behavioral2

vidar1438spywarestealer