vidar | a8a117848277be49d0756b1c2ae04baf8267f2035af0531e169b37c30b2788c2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a8a117848277be49d0756b1c2ae04baf8267f2035af0531e169b37c30b2788c2
Size

2.8MB
Sample

221101-mremjsahg9
MD5

136b522f3a174a52042918313d48940b
SHA1

7e959887053bbd861e105accf8570331f0c0582d
SHA256

a8a117848277be49d0756b1c2ae04baf8267f2035af0531e169b37c30b2788c2
SHA512

a56c11f7d7650300627ec48fcd5cef5e8f5c2a34426067154cd09c3b05e9f77f839a8d43ccbdd544456bace3c66850e7e3eeb9568cec8a31a592efe6e0e99722
SSDEEP

49152:hFz7093AgJYjLEsUPnhW/kW9H8ZT7kJ6ll39:hFz7093AgJYfxw8kDZT7kJg

Score

10^/10

vidar spyware stealer

Malware Config

Targets

- Target
  
  a8a117848277be49d0756b1c2ae04baf8267f2035af0531e169b37c30b2788c2
- Size
  
  2.8MB
- MD5
  
  136b522f3a174a52042918313d48940b
- SHA1
  
  7e959887053bbd861e105accf8570331f0c0582d
- SHA256
  
  a8a117848277be49d0756b1c2ae04baf8267f2035af0531e169b37c30b2788c2
- SHA512
  
  a56c11f7d7650300627ec48fcd5cef5e8f5c2a34426067154cd09c3b05e9f77f839a8d43ccbdd544456bace3c66850e7e3eeb9568cec8a31a592efe6e0e99722
- SSDEEP
  
  49152:hFz7093AgJYjLEsUPnhW/kW9H8ZT7kJ6ll39:hFz7093AgJYfxw8kDZT7kJg
Score

10^/10

vidar spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarspywarestealer

behavioral2

vidarspywarestealer