vidar | 292234b4e44187b5549566ead6297f05dc6b40310e4f1b1384ce190a79891117 | Triage

Sharing

General

Target

file.exe
Size

623KB
Sample

221203-qxyjdsed44
MD5

b222f2f0919a0ac896e3f83f3b9b6003
SHA1

37670412f4b98641407944b86df43f40bc23a67f
SHA256

292234b4e44187b5549566ead6297f05dc6b40310e4f1b1384ce190a79891117
SHA512

ac1ed8f225c1aabfb18ef2c773cc42dc0972391760ca0fa50ba58602bbfecb9c113eed0fcb5685d3719b4dd936bff2e21cf8da887ff83b78ccc1af4097244964
SSDEEP

12288:FsJ5/WfL8JGhhC7OiTa8g5MdNXLSR6ESvzY:Fw+8JGOac909CY

Score

10^/10

vidar 1679 spyware stealer

Malware Config

Extracted

Family

vidar

Version

56

Botnet

1679

C2

https://t.me/asifrazatg

https://steamcommunity.com/profiles/76561199439929669

Attributes

profile_id
1679

Targets

- Target
  
  file.exe
- Size
  
  623KB
- MD5
  
  b222f2f0919a0ac896e3f83f3b9b6003
- SHA1
  
  37670412f4b98641407944b86df43f40bc23a67f
- SHA256
  
  292234b4e44187b5549566ead6297f05dc6b40310e4f1b1384ce190a79891117
- SHA512
  
  ac1ed8f225c1aabfb18ef2c773cc42dc0972391760ca0fa50ba58602bbfecb9c113eed0fcb5685d3719b4dd936bff2e21cf8da887ff83b78ccc1af4097244964
- SSDEEP
  
  12288:FsJ5/WfL8JGhhC7OiTa8g5MdNXLSR6ESvzY:Fw+8JGOac909CY
Score

10^/10

vidar 1679 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

vidar1679spywarestealer