vidar | b7b29e8e6cfdbf611bbd6b9849db3c9c405b347fac22e76fedb4c6de963332ea | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b7b29e8e6cfdbf611bbd6b9849db3c9c405b347fac22e76fedb4c6de963332ea
Size

2.7MB
Sample

221101-m2eejacafj
MD5

d0df089e012c534ebe257b10b818f318
SHA1

bbfdd4d5090498651d1b9eb90be00930de1eb972
SHA256

b7b29e8e6cfdbf611bbd6b9849db3c9c405b347fac22e76fedb4c6de963332ea
SHA512

2cf96ccd83528670569c72185b79ad1b2ee290967e5aac00bbeb55b1f65e47376fa1592f8924cacad1691bd74bb70677bfe39352ae070a7a31c0158c744808c4
SSDEEP

24576:lLvfGrfJVGYOYfKGtID0MnKGdoAVPvq33jpvk4y4vaswuyLcGYzy3+dl3RuQ553P:lDOrfJVuXYjpbvaswuyCxdl3D

Score

10^/10

vidar 1375 stealer

Malware Config

Extracted

Family

vidar

Version

53.5

Botnet

1375

C2

https://t.me/pegasusfly1

https://mas.to/@pavlenko349

Attributes

profile_id
1375

Targets

- Target
  
  b7b29e8e6cfdbf611bbd6b9849db3c9c405b347fac22e76fedb4c6de963332ea
- Size
  
  2.7MB
- MD5
  
  d0df089e012c534ebe257b10b818f318
- SHA1
  
  bbfdd4d5090498651d1b9eb90be00930de1eb972
- SHA256
  
  b7b29e8e6cfdbf611bbd6b9849db3c9c405b347fac22e76fedb4c6de963332ea
- SHA512
  
  2cf96ccd83528670569c72185b79ad1b2ee290967e5aac00bbeb55b1f65e47376fa1592f8924cacad1691bd74bb70677bfe39352ae070a7a31c0158c744808c4
- SSDEEP
  
  24576:lLvfGrfJVGYOYfKGtID0MnKGdoAVPvq33jpvk4y4vaswuyLcGYzy3+dl3RuQ553P:lDOrfJVuXYjpbvaswuyCxdl3D
Score

10^/10

vidar 1375 stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

vidar1375stealer

behavioral2

vidar1375stealer