vidar | 334fb1c3def58d304673a7be8b63399d481bc45a8c33567003c09784efd16ebd | Triage

Sharing

General

Target

file.exe
Size

1.3MB
Sample

221024-mpdbpsgbek
MD5

34bdb9a0cc7686903eec49ef2cc1e7cf
SHA1

7d4acfd37ce4a498c85a2b7b8ff6d70a4aec557a
SHA256

334fb1c3def58d304673a7be8b63399d481bc45a8c33567003c09784efd16ebd
SHA512

04847f2fd28c4561020d3f339788c1e0e2e7ae90093a8d22068c3e2af21e0db375711b1774570858c5575d241d1b902f022e0b118a53a5f64b0805c016ac3317
SSDEEP

24576:pUHVoXYRYznhf1Mx0/YB1yR1SndVJEh/up3W22IJUCZw2bjy:OHVycnZt3WaJfy

Score

10^/10

vidar 937 spyware stealer

Malware Config

Extracted

Family

vidar

Version

55.2

Botnet

937

C2

https://t.me/slivetalks

https://c.im/@xinibin420

Attributes

profile_id
937

Targets

- Target
  
  file.exe
- Size
  
  1.3MB
- MD5
  
  34bdb9a0cc7686903eec49ef2cc1e7cf
- SHA1
  
  7d4acfd37ce4a498c85a2b7b8ff6d70a4aec557a
- SHA256
  
  334fb1c3def58d304673a7be8b63399d481bc45a8c33567003c09784efd16ebd
- SHA512
  
  04847f2fd28c4561020d3f339788c1e0e2e7ae90093a8d22068c3e2af21e0db375711b1774570858c5575d241d1b902f022e0b118a53a5f64b0805c016ac3317
- SSDEEP
  
  24576:pUHVoXYRYznhf1Mx0/YB1yR1SndVJEh/up3W22IJUCZw2bjy:OHVycnZt3WaJfy
Score

10^/10

vidar 937 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar937spywarestealer

behavioral2

vidar937spywarestealer