vidar | 73a4ca1224bc4657443596157d3ce150bcd4b6dd32217f2467818c7efea4ee43 | Triage

Sharing

General

Target

0c615bf643adf8de5c843f709ead8a9e.exe
Size

615KB
Sample

221204-fxrezaaa92
MD5

0c615bf643adf8de5c843f709ead8a9e
SHA1

2890f1a178424574aaff0c9c50bdcec7bba7eec1
SHA256

73a4ca1224bc4657443596157d3ce150bcd4b6dd32217f2467818c7efea4ee43
SHA512

cfe2bc672228793a7d04173fe366b91bb7ce492ba7db3bafe09334dc2cd0f11460d75ab3810f52ba2b5192cbd4e3d443267853101b54a18e423063bbae502b0f
SSDEEP

12288:lr5URapBDnHf7BTvABrtt/S6TwmZd0z9wlNdqlDMj03hBcUlG:/Uw/tMB7/+idZDdqlY0RBcUM

Score

10^/10

vidar 1364 spyware stealer

Malware Config

Extracted

Family

vidar

Version

56

Botnet

1364

C2

https://t.me/asifrazatg

https://steamcommunity.com/profiles/76561199439929669

Attributes

profile_id
1364

Targets

- Target
  
  0c615bf643adf8de5c843f709ead8a9e.exe
- Size
  
  615KB
- MD5
  
  0c615bf643adf8de5c843f709ead8a9e
- SHA1
  
  2890f1a178424574aaff0c9c50bdcec7bba7eec1
- SHA256
  
  73a4ca1224bc4657443596157d3ce150bcd4b6dd32217f2467818c7efea4ee43
- SHA512
  
  cfe2bc672228793a7d04173fe366b91bb7ce492ba7db3bafe09334dc2cd0f11460d75ab3810f52ba2b5192cbd4e3d443267853101b54a18e423063bbae502b0f
- SSDEEP
  
  12288:lr5URapBDnHf7BTvABrtt/S6TwmZd0z9wlNdqlDMj03hBcUlG:/Uw/tMB7/+idZDdqlY0RBcUM
Score

10^/10

vidar 1364 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

vidar1364spywarestealer