vidar | 9463f28e07f665446e8702ec76aa02646f8efc1a9040a2201d6d256c77c8cd87 | Triage

Sharing

General

Target

838b8b5fc2cc64655d3e2930faf5f999.exe
Size

488KB
Sample

221030-eynj2abha9
MD5

838b8b5fc2cc64655d3e2930faf5f999
SHA1

60021758441f610962aa64c115c4b6e5af757382
SHA256

9463f28e07f665446e8702ec76aa02646f8efc1a9040a2201d6d256c77c8cd87
SHA512

da7765fc5863948b8e57b8582525eb93edc4aa2cf1905e88615d72c56179c4f6f9ddee9a1a536ad52e5cabecb3b5243956131ba063a277629c9047278f1a5845
SSDEEP

12288:cZyxgC7ZXmsNoJrtRqOcjwh+T2qoLeqhfwGhj:cAz7/yrtbYwh+No55

Score

10^/10

vidar 1707 spyware stealer

Malware Config

Extracted

Family

vidar

Version

55.2

Botnet

1707

C2

https://t.me/slivetalks

https://c.im/@xinibin420

Attributes

profile_id
1707

Targets

- Target
  
  838b8b5fc2cc64655d3e2930faf5f999.exe
- Size
  
  488KB
- MD5
  
  838b8b5fc2cc64655d3e2930faf5f999
- SHA1
  
  60021758441f610962aa64c115c4b6e5af757382
- SHA256
  
  9463f28e07f665446e8702ec76aa02646f8efc1a9040a2201d6d256c77c8cd87
- SHA512
  
  da7765fc5863948b8e57b8582525eb93edc4aa2cf1905e88615d72c56179c4f6f9ddee9a1a536ad52e5cabecb3b5243956131ba063a277629c9047278f1a5845
- SSDEEP
  
  12288:cZyxgC7ZXmsNoJrtRqOcjwh+T2qoLeqhfwGhj:cAz7/yrtbYwh+No55
Score

10^/10

vidar 1707 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1707spywarestealer

behavioral2

vidar1707stealer