vidar | a82233462d4e1536d8d126e668070e141baabe29c8d531fb7ef7117c6de1cbc5 | Triage

Sharing

General

Target

a82233462d4e1536d8d126e668070e141baabe29c8d531fb7ef7117c6de1cbc5
Size

488KB
Sample

221025-1791aaeae5
MD5

3b23c453216cd5a1ab6ad6f8410ade34
SHA1

e1a98882ce61dfd6185e82f36fd5ae43c582da69
SHA256

a82233462d4e1536d8d126e668070e141baabe29c8d531fb7ef7117c6de1cbc5
SHA512

9f96ce4f155c4e93b05d851b3e0ff050a00e37bcb2a54ac9c8a187a8f196926a190005c76e94f747d3d63351a47a309c42cc5023ab1f03972c6e9f58ae8db7be
SSDEEP

12288:jNUOh71MvMOpWtvWmn1BRGX3e3n6VLSDfR27cJd:hH7EXqRGHe3nULCI7cJ

Score

10^/10

vidar 1707 spyware stealer

Malware Config

Extracted

Family

vidar

Version

55.2

Botnet

1707

C2

https://t.me/slivetalks

https://c.im/@xinibin420

Attributes

profile_id
1707

Targets

- Target
  
  a82233462d4e1536d8d126e668070e141baabe29c8d531fb7ef7117c6de1cbc5
- Size
  
  488KB
- MD5
  
  3b23c453216cd5a1ab6ad6f8410ade34
- SHA1
  
  e1a98882ce61dfd6185e82f36fd5ae43c582da69
- SHA256
  
  a82233462d4e1536d8d126e668070e141baabe29c8d531fb7ef7117c6de1cbc5
- SHA512
  
  9f96ce4f155c4e93b05d851b3e0ff050a00e37bcb2a54ac9c8a187a8f196926a190005c76e94f747d3d63351a47a309c42cc5023ab1f03972c6e9f58ae8db7be
- SSDEEP
  
  12288:jNUOh71MvMOpWtvWmn1BRGX3e3n6VLSDfR27cJd:hH7EXqRGHe3nULCI7cJ
Score

10^/10

vidar 1707 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar1707spywarestealer

behavioral2

vidar1707spywarestealer