vidar | 755e0cf8d26a723b697ab65a8bcd4a5d2131e0971a3ac959310167a0cae1e622 | Triage

Sharing

General

Target

library_1.exe
Size

625KB
Sample

221111-g4b5ashgg2
MD5

d98931d0f091bb718be7823941c58ab7
SHA1

0102adeffa936f66cf1bcbb34d1794270668a8ec
SHA256

755e0cf8d26a723b697ab65a8bcd4a5d2131e0971a3ac959310167a0cae1e622
SHA512

b04ea7d29190059abd5473346718d0e1d63c4ae788e53b96123179981504987bea66646c9ffaf7aa2079fc52940880509ce58afdf5d2a676a90326919a234ec6
SSDEEP

12288:K+HXuuiMofnO1V5+XdlA+Ff1frK/lGRgOUqmq9kR6lhKX6E5UsZLCjZn+Z3N:hHXubZ/O1Af1frK/cRgOnmq9g6XEm7Zu

Score

10^/10

vidar 1707 spyware stealer

Malware Config

Extracted

Family

vidar

Version

55.5

Botnet

1707

C2

https://t.me/tg_turgay

https://ioc.exchange/@xiteb15011

Attributes

profile_id
1707

Targets

- Target
  
  library_1.exe
- Size
  
  625KB
- MD5
  
  d98931d0f091bb718be7823941c58ab7
- SHA1
  
  0102adeffa936f66cf1bcbb34d1794270668a8ec
- SHA256
  
  755e0cf8d26a723b697ab65a8bcd4a5d2131e0971a3ac959310167a0cae1e622
- SHA512
  
  b04ea7d29190059abd5473346718d0e1d63c4ae788e53b96123179981504987bea66646c9ffaf7aa2079fc52940880509ce58afdf5d2a676a90326919a234ec6
- SSDEEP
  
  12288:K+HXuuiMofnO1V5+XdlA+Ff1frK/lGRgOUqmq9kR6lhKX6E5UsZLCjZn+Z3N:hHXubZ/O1Af1frK/cRgOnmq9g6XEm7Zu
Score

10^/10

vidar 1707 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1707spywarestealer

behavioral2

vidar1707spywarestealer