vidar | 9d922444b2e91da8a44dbfb03637dc2b35468bddba5871034e10dcea9ced6efa | Triage

Sharing

General

Target

d25682fcd8c3d61bee85eb504e6f2cfe.exe
Size

615KB
Sample

221206-rhvdvsec72
MD5

d25682fcd8c3d61bee85eb504e6f2cfe
SHA1

6311f73bddb89a436a4a441b05b49b781b47b53f
SHA256

9d922444b2e91da8a44dbfb03637dc2b35468bddba5871034e10dcea9ced6efa
SHA512

48da599c8783bdc11da9b6ce275ce26429815d31d9d3191e30d814c906c67c18325457b26987a1e2f17da1064f19aa4145986a2cbb49c82a7ff9d1cfe3414f6c
SSDEEP

12288:w8UEVeVaqaHBSeNiyiK7XVCtosfKxJF/6m:kaqwnNiyiK7FCtoQKx31

Score

10^/10

vidar 1364 spyware stealer

Malware Config

Extracted

Family

vidar

Version

56

Botnet

1364

C2

https://t.me/asifrazatg

https://steamcommunity.com/profiles/76561199439929669

Attributes

profile_id
1364

Targets

- Target
  
  d25682fcd8c3d61bee85eb504e6f2cfe.exe
- Size
  
  615KB
- MD5
  
  d25682fcd8c3d61bee85eb504e6f2cfe
- SHA1
  
  6311f73bddb89a436a4a441b05b49b781b47b53f
- SHA256
  
  9d922444b2e91da8a44dbfb03637dc2b35468bddba5871034e10dcea9ced6efa
- SHA512
  
  48da599c8783bdc11da9b6ce275ce26429815d31d9d3191e30d814c906c67c18325457b26987a1e2f17da1064f19aa4145986a2cbb49c82a7ff9d1cfe3414f6c
- SSDEEP
  
  12288:w8UEVeVaqaHBSeNiyiK7XVCtosfKxJF/6m:kaqwnNiyiK7FCtoQKx31
Score

10^/10

vidar 1364 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

vidar1364spywarestealer