vidar | 85dee32ceb240f5e255ea6c0aaa516965ebee42072d52373156e1b605d80b7cb | Triage

Sharing

General

Target

Setup.exe
Size

761.7MB
Sample

221123-lj5ckabe83
MD5

f0debc46a47f40bbffbf8d563973a0f5
SHA1

62182857b58cddee7903f66710ed0d7827e0d35d
SHA256

85dee32ceb240f5e255ea6c0aaa516965ebee42072d52373156e1b605d80b7cb
SHA512

7587e0313edcadd91c1c75d2737fa31cee2498dc85a371d291af8d11f883808acab4bcf96d6062eae15f1f75eb346ca5cfed4cf1dfbbcb89d5cb10ee0392c8f9
SSDEEP

12288:rzVtFFIkfyPV9VRrjCR5TJmkuSiD63cZ23:vbIkg9HUz/iD6sZI

Score

10^/10

vidar 1375 spyware stealer

Malware Config

Extracted

Family

vidar

Version

55.7

Botnet

1375

C2

https://t.me/deadftx

https://www.tiktok.com/@user6068972597711

Attributes

profile_id
1375

Targets

- Target
  
  Setup.exe
- Size
  
  761.7MB
- MD5
  
  f0debc46a47f40bbffbf8d563973a0f5
- SHA1
  
  62182857b58cddee7903f66710ed0d7827e0d35d
- SHA256
  
  85dee32ceb240f5e255ea6c0aaa516965ebee42072d52373156e1b605d80b7cb
- SHA512
  
  7587e0313edcadd91c1c75d2737fa31cee2498dc85a371d291af8d11f883808acab4bcf96d6062eae15f1f75eb346ca5cfed4cf1dfbbcb89d5cb10ee0392c8f9
- SSDEEP
  
  12288:rzVtFFIkfyPV9VRrjCR5TJmkuSiD63cZ23:vbIkg9HUz/iD6sZI
Score

10^/10

vidar 1375 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1375spywarestealer

behavioral2

vidar1375spywarestealer

behavioral3

vidar1375stealer