vidar | 63171dabed97ed86421a9ac441a9fd10ec5424be279e07c7d9639b2470c88f20 | Triage

Submit
Reports

Overview

overview

Static

static

Setup.exe

windows10-1703-x64

Sharing

General

Target

Setup.rar
Size

4.2MB
Sample

221124-dlmxasgd5t
MD5

1b3ec1ccab066de155bce7ad3cc72f7b
SHA1

e514a4add5b788854bf8fdb266f16cee2b6a9da7
SHA256

63171dabed97ed86421a9ac441a9fd10ec5424be279e07c7d9639b2470c88f20
SHA512

ccfedadd87e3554db57d6f365176a7bbee87a3f35aa6b0a02120a898d33bb21548698809254937bd49816b1622ceabea190f24f542a1403c9aa00e43095ca1c7
SSDEEP

49152:UPGzSXeWLLn0cPsyxDcDyv2NbefywwXYk3m/vfQT0HHMnnG+lVi+ucJJIdLBgllG:gGzcL70dySNbeiok3m/m9VrJ8LBgllGb

Score

10^/10

vidar 1707 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win10-20220901-en

vidar 1707 discovery spyware stealer

windows10-1703-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

55.8

Botnet

1707

C2

https://t.me/headshotsonly

https://steamcommunity.com/profiles/76561199436777531

Attributes

profile_id
1707

Targets

- Target
  
  Setup.exe
- Size
  
  401.8MB
- MD5
  
  f5513bd3e4645115637ed30606a227b8
- SHA1
  
  1ed3ca65a169433be8d243ddd5594f62f68bf9b5
- SHA256
  
  a582faf1a02f9216f14d1fe7230b46ad561790c7c4166110ee662d68d518aca3
- SHA512
  
  052f1dab6094ac8445bae2a86c3f0cd406e36c59ac6a3016aebd7e5f44d753310a8a6c53c6a3b791e74a7b7d17ce2dd5244a17223edfa690f63a4b027e8ae0ea
- SSDEEP
  
  98304:RO7TFBG5EAqirNsd5/G9h4djD/stK3as3uDZSbBbKBrEF63:+pBG5xNsXGv43+DPrEF63
Score

10^/10

vidar 1707 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1707discoveryspywarestealer

© 2018-2024

Terms | Privacy