vidar | 4c68c3d24992f1cf77a815f168d3a6c778525ba535d0941f93784778c6340b3f | Triage

Sharing

General

Target

12ac42befa41f910c3598879ea7d0c6b.exe
Size

488KB
Sample

221029-ttmt9seab4
MD5

12ac42befa41f910c3598879ea7d0c6b
SHA1

086b2499b96136730ef5183b316c5eed625d42cc
SHA256

4c68c3d24992f1cf77a815f168d3a6c778525ba535d0941f93784778c6340b3f
SHA512

71eee69be297d2b18e98e5b1f46b876e35c7d848630f100e37684cb6a79378b34dbda12ec2e888d9912ce460ee8769cf55492631ddf98767106e5cdce9e62330
SSDEEP

12288:5i6ICN7QkjMh3Pe/khrqAoM1SPb+7D0sqtP1h9rKpvOdywu:5z7Q4Iqm4tEpvWyp

Score

10^/10

vidar 1707 spyware stealer

Malware Config

Extracted

Family

vidar

Version

55.2

Botnet

1707

C2

https://t.me/slivetalks

https://c.im/@xinibin420

Attributes

profile_id
1707

Targets

- Target
  
  12ac42befa41f910c3598879ea7d0c6b.exe
- Size
  
  488KB
- MD5
  
  12ac42befa41f910c3598879ea7d0c6b
- SHA1
  
  086b2499b96136730ef5183b316c5eed625d42cc
- SHA256
  
  4c68c3d24992f1cf77a815f168d3a6c778525ba535d0941f93784778c6340b3f
- SHA512
  
  71eee69be297d2b18e98e5b1f46b876e35c7d848630f100e37684cb6a79378b34dbda12ec2e888d9912ce460ee8769cf55492631ddf98767106e5cdce9e62330
- SSDEEP
  
  12288:5i6ICN7QkjMh3Pe/khrqAoM1SPb+7D0sqtP1h9rKpvOdywu:5z7Q4Iqm4tEpvWyp
Score

10^/10

vidar 1707 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1707spywarestealer

behavioral2

vidar1707spywarestealer