vidar | 33736e8940993c97705403cdbef1ceacb862b4a2fd126cd99b58718b937a9362 | Triage

Sharing

General

Target

d311d95c1cbae9b5a21e2c52995a2ae6.exe
Size

375KB
Sample

220911-hj7wxabbc5
MD5

d311d95c1cbae9b5a21e2c52995a2ae6
SHA1

e6334f2bd1a4fc2926acff2888abb6835605ce70
SHA256

33736e8940993c97705403cdbef1ceacb862b4a2fd126cd99b58718b937a9362
SHA512

abe975a92068a9a77f9e0bff43bc12d66f330e2ae92edc45abc1367168c61477cf6fcba1368e20467576f473aca7d09ad14c97d3417b557f26fb79221a4bcf24
SSDEEP

6144:HhtAlyCzt2Lmi0WCQD4erl+IPNqh/cDluYEBKTm46X0V77AoHuASdOX:HhtAPMmi0WCqvrl+IlNl/EkTmfEVdsOX

Score

10^/10

vidar 1438 spyware stealer

Malware Config

Extracted

Family

vidar

Version

54.2

Botnet

1438

C2

https://t.me/tigogames

https://ioc.exchange/@tiagoa26

Attributes

profile_id
1438

Targets

- Target
  
  d311d95c1cbae9b5a21e2c52995a2ae6.exe
- Size
  
  375KB
- MD5
  
  d311d95c1cbae9b5a21e2c52995a2ae6
- SHA1
  
  e6334f2bd1a4fc2926acff2888abb6835605ce70
- SHA256
  
  33736e8940993c97705403cdbef1ceacb862b4a2fd126cd99b58718b937a9362
- SHA512
  
  abe975a92068a9a77f9e0bff43bc12d66f330e2ae92edc45abc1367168c61477cf6fcba1368e20467576f473aca7d09ad14c97d3417b557f26fb79221a4bcf24
- SSDEEP
  
  6144:HhtAlyCzt2Lmi0WCQD4erl+IPNqh/cDluYEBKTm46X0V77AoHuASdOX:HhtAPMmi0WCqvrl+IlNl/EkTmfEVdsOX
Score

10^/10

vidar 1438 stealer spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar1438stealer

behavioral2

vidar1438spywarestealer