vidar | 1d3c1417ec5e609e591100966d291f888f6f4feb255a5ffaa9b75d1f9d2c1a26 | Triage

Sharing

General

Target

1d3c1417ec5e609e591100966d291f888f6f4feb255a5ffaa9b75d1f9d2c1a26
Size

373KB
Sample

221030-hr4t8ahear
MD5

c527971eeba174c1005267f4cb1f0f79
SHA1

fa205ffa3464f2d2f6a4b554b6ad0f6b131a1592
SHA256

1d3c1417ec5e609e591100966d291f888f6f4feb255a5ffaa9b75d1f9d2c1a26
SHA512

8cd3533978e12d29fc9a8e5b461135f26d061ab2cc020f39f01ddd6fbfeae6f897a907e9bae4c85025e82bdf86fa87173e4bfde4a1c90957add0e0f8852faa08
SSDEEP

6144:X9Uav7QLCufLC4bW/3qm6jvqf/cyOAXeQS3smhco8TQ5RnsH4cOrX:NUaEDLbW/3Z6jvqXHOrThc7QdrX

Score

10^/10

vidar 937 discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

55.3

Botnet

937

C2

https://t.me/slivetalks

https://c.im/@xinibin420

Attributes

profile_id
937

Targets

- Target
  
  1d3c1417ec5e609e591100966d291f888f6f4feb255a5ffaa9b75d1f9d2c1a26
- Size
  
  373KB
- MD5
  
  c527971eeba174c1005267f4cb1f0f79
- SHA1
  
  fa205ffa3464f2d2f6a4b554b6ad0f6b131a1592
- SHA256
  
  1d3c1417ec5e609e591100966d291f888f6f4feb255a5ffaa9b75d1f9d2c1a26
- SHA512
  
  8cd3533978e12d29fc9a8e5b461135f26d061ab2cc020f39f01ddd6fbfeae6f897a907e9bae4c85025e82bdf86fa87173e4bfde4a1c90957add0e0f8852faa08
- SSDEEP
  
  6144:X9Uav7QLCufLC4bW/3qm6jvqf/cyOAXeQS3smhco8TQ5RnsH4cOrX:NUaEDLbW/3Z6jvqXHOrThc7QdrX
Score

10^/10

vidar 937 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar937discoveryspywarestealer