vidar | 9b0e3f676d8db16a09b3e1aba66d8400db2f6e25fadccdb5bd5dd5f10c244535 | Triage

Sharing

General

Target

AdobePhotoshop2022.rar
Size

5.1MB
Sample

221123-lwdelsfg8z
MD5

e84f597870244d0426ba1be2b4428caf
SHA1

22b47eef7ed082f76139aa6ab8b13d66477da971
SHA256

9b0e3f676d8db16a09b3e1aba66d8400db2f6e25fadccdb5bd5dd5f10c244535
SHA512

9dc257e09d757fdb8ab8b17db8afffbaadf95f5b3efe17192c66f828e921d3777d39c2d4fb1efc20b061f3c4533041da239e1266c4970029409b5255d52a04db
SSDEEP

98304:qgMXx9bmv31eAPC/zrsezLEiNwxoImWijPo30CoG6nWiAoJ8so5ugAaIV:qxXvmv0Wazrt0iGxoImDjal6nDAoKsos

Score

10^/10

vidar 1375 spyware stealer

Malware Config

Extracted

Family

vidar

Version

55.8

Botnet

1375

C2

https://t.me/headshotsonly

https://steamcommunity.com/profiles/76561199436777531

Attributes

profile_id
1375

Targets

- Target
  
  setup.exe
- Size
  
  761.7MB
- MD5
  
  026f00beb4df468d3ea64ecbcc112e91
- SHA1
  
  e9b4254225f79d5acfd4a14707b9c62d9abb871f
- SHA256
  
  eda7470f276c268f23e4e52e26db58e768159662160f84a2c95aee45f059e96f
- SHA512
  
  77eda8c77337a53ac7d060122ca9dac2ac19bbad57a3640eb2734a14e1e84d5b670d3bdb1f399ded2f6024ba83ff438e90608082149cb7cd02fd5c39b37ad2db
- SSDEEP
  
  6144:E1DWWl1mETFUMDo3v02vdzLZCpQeCIui9HPOB/8XJFKWJcp/mkhW0ShbZgl4k:A11JrSIuIHPOB/3WJcp/g3k
Score

10^/10

vidar 1375 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  x32.dll
- Size
  
  4.8MB
- MD5
  
  d9b78f4b2f8f393c8854c7cc95eae5d8
- SHA1
  
  8d648e7bda5b6bf7b02041189b9823fe8d4689e5
- SHA256
  
  55faebb8f5e28cde50f561bbd2638db7edcfd26e7ee7b975e0049b113145ae38
- SHA512
  
  6e76b524a56cc9bb5ae4beeedd41a48c35cf03c730752da3cae49862cb7bc3c17283099c39787f5933c1771eca7c2e651d92b961de7f43813f026eb295c90c81
- SSDEEP
  
  49152:PcLeg66Ry8jdAYbppzo7Tzj1/JrRbkwW6Ydzzr3YCWizxCqDRkU9i4g1/JAyn:kLrBpr1o7bRyfdzzxz0NTA4
Score

1^/10
behavioral3 behavioral4
- Target
  
  x64.dll
- Size
  
  14.5MB
- MD5
  
  3bd5aea364326cdfa667651a93e7a4c9
- SHA1
  
  f33b4a83e038363c1a4df919e6f6e0e41dba9334
- SHA256
  
  23f04ba936568e9a7c9dce7a6beb52c9be7eb13b734cd390c99e7546cbe1973d
- SHA512
  
  7bd4e742b4d683b79de54eaf7d8b215252212921b8a53d1fbfc8e51ce43505c003da62fd126663bc04bbc65b8f77b85232c78ea6ecba8a4e425c28c0e9c80dc3
- SSDEEP
  
  393216:00Rly5ZnSHLe1tvwDTtwJuefdrX780dNYbg4A358TjGNrS1aKbBICZBSJLGWIGC2:NRlyP71tvwDTtwJuefdrX780dNYbg4Az
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar1375spywarestealer

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6