vidar | 29dc4071c3232c5cd82186be9155bd7288bc4eb4013159ceaed06da36ef29607 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup_parsed.exe
Size

1.4MB
Sample

221030-tfqc8shbb7
MD5

c1d4a46772da836ea329a74d42aa9baf
SHA1

19326d11451447f823b637424b8ebb856d2508a8
SHA256

29dc4071c3232c5cd82186be9155bd7288bc4eb4013159ceaed06da36ef29607
SHA512

4bd8ad1f24d3eade753bfda80a2697668bdd46a406e87e963cc8cd24039c97e43ef0f23e44965b8b20e0d5319c076e2a606b8edf6f2c0db6a51f9f252339d866
SSDEEP

24576:54+4avH3vkdECpW//MUx/XEyoY6YifYmiXMDZdsAdcLrHK2Kd7vUCCHZgjnV4Kep:K+4CH38dtpy/M0fEMNgqmngtwTg

Score

10^/10

vidar 1375 spyware stealer

Malware Config

Extracted

Family

vidar

Version

55.3

Botnet

1375

C2

https://t.me/slivetalks

https://c.im/@xinibin420

Attributes

profile_id
1375

Targets

- Target
  
  setup_parsed.exe
- Size
  
  1.4MB
- MD5
  
  c1d4a46772da836ea329a74d42aa9baf
- SHA1
  
  19326d11451447f823b637424b8ebb856d2508a8
- SHA256
  
  29dc4071c3232c5cd82186be9155bd7288bc4eb4013159ceaed06da36ef29607
- SHA512
  
  4bd8ad1f24d3eade753bfda80a2697668bdd46a406e87e963cc8cd24039c97e43ef0f23e44965b8b20e0d5319c076e2a606b8edf6f2c0db6a51f9f252339d866
- SSDEEP
  
  24576:54+4avH3vkdECpW//MUx/XEyoY6YifYmiXMDZdsAdcLrHK2Kd7vUCCHZgjnV4Kep:K+4CH38dtpy/M0fEMNgqmngtwTg
Score

10^/10

vidar 1375 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar1375spywarestealer

behavioral2

vidar1375spywarestealer