vidar

General

Target

2d5d2dce7139ef4c2fe4547df8f55adf.exe
Size

5.0MB
Sample

221006-khkq4aggb4
MD5

2d5d2dce7139ef4c2fe4547df8f55adf
SHA1

bbafa5abc94e048c8a15a2e1a634a15d2fc0dabd
SHA256

1a7e5e2d33b3f74fbae9e13f0494dbf29f517572180666589674a328595c27d1
SHA512

67217b3a162b023e5dd3cf5c0105faffa00599f5b81006b59d7f1b199c5a2cc91b15ce6026a6e82fccf9ae5a5a9be59b987efab3714f2471ac00cb803deaf276
SSDEEP

98304:ABqDwDNCq+8BechdfgHB2gP9kVn0aWAxo7iL/6oPytYb4Bvueil82:AS4Cq7eh2gP9PAxwoPiB2h82

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

54.7

Botnet

1281

C2

https://t.me/blablblsdfd

Attributes

profile_id
1281

Targets

- Target
  
  2d5d2dce7139ef4c2fe4547df8f55adf.exe
- Size
  
  5.0MB
- MD5
  
  2d5d2dce7139ef4c2fe4547df8f55adf
- SHA1
  
  bbafa5abc94e048c8a15a2e1a634a15d2fc0dabd
- SHA256
  
  1a7e5e2d33b3f74fbae9e13f0494dbf29f517572180666589674a328595c27d1
- SHA512
  
  67217b3a162b023e5dd3cf5c0105faffa00599f5b81006b59d7f1b199c5a2cc91b15ce6026a6e82fccf9ae5a5a9be59b987efab3714f2471ac00cb803deaf276
- SSDEEP
  
  98304:ABqDwDNCq+8BechdfgHB2gP9kVn0aWAxo7iL/6oPytYb4Bvueil82:AS4Cq7eh2gP9PAxwoPiB2h82
Score

10^/10

vidar 1281 discovery spyware stealer vmprotect
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Data from Local System

3

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

VMProtect packed file

Checks computer location settings

Deletes itself

Loads dropped DLL

Reads user/profile data of web browsers

Accesses 2FA software files, possible credential harvesting

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2