vidar | bada7daeb7ad94d96b5d6ee9c7af6109049fe8533bfb693f9f6bf89e9a15ac13 | Triage

Submit
Reports

Overview

overview

Static

static

48bc23c628...35.exe

windows7-x64

48bc23c628...35.exe

windows10-2004-x64

Sharing

General

Target

48bc23c628e7dbec916fbe213d1c19336ebab4f868d083b9f0b60e9a4ed8e135.zip
Size

4.8MB
Sample

221124-hqx1aaad4t
MD5

38a3d5c6dea850900917b1d1fb4eafd9
SHA1

8ca7b03463d5e5d94ab55296649a9195eb403984
SHA256

bada7daeb7ad94d96b5d6ee9c7af6109049fe8533bfb693f9f6bf89e9a15ac13
SHA512

6fdbbe0034b523b31d73a95039907f07479e8073ae01b3236565eaaa71b52d34d5a0b43ce17509bb2c2361a477a761b40934889276933afdc1742b8ebad9fa1d
SSDEEP

98304:JxZZxVyMG0xHKHeCD4Ajty4jdjbfa8dCFwoE71JuBo6qQz:JxfpGrx4ARy4jdTQFzERJuuGz

Score

10^/10

vidar 1364 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

48bc23c628e7dbec916fbe213d1c19336ebab4f868d083b9f0b60e9a4ed8e135.exe

Resource

win7-20220812-en

vidar 1364 discovery spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

48bc23c628e7dbec916fbe213d1c19336ebab4f868d083b9f0b60e9a4ed8e135.exe

Resource

win10v2004-20221111-en

vidar 1364 discovery spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

55.8

Botnet

1364

C2

https://t.me/headshotsonly

https://steamcommunity.com/profiles/76561199436777531

Attributes

profile_id
1364

Targets

- Target
  
  48bc23c628e7dbec916fbe213d1c19336ebab4f868d083b9f0b60e9a4ed8e135
- Size
  
  401.8MB
- MD5
  
  5d6327408e44adf535cc87c1c5c6d798
- SHA1
  
  c10d3e5f24fdb7606cec6f3c4c1592357f5c3e94
- SHA256
  
  48bc23c628e7dbec916fbe213d1c19336ebab4f868d083b9f0b60e9a4ed8e135
- SHA512
  
  7b4f87b3077bb25b75374ab1947365afe9d188b26ccd90a856bd8be2f2a66c917b19c42d60a87c0609157705887732a36d8ed2eff12645a4b6e88859b36d8b06
- SSDEEP
  
  98304:sJtlRjoW9bzlVnQ3NHJFiU92BY8Lk3fAcpiZ8Kk:epNpVnQ3xrcBY2cMZhk
Score

10^/10

vidar 1364 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar1364discoveryspywarestealer

behavioral2

vidar1364discoveryspywarestealer

© 2018-2024

Terms | Privacy