vidar | ce242ead59347522c60dfafc0b258a08449328691cf3742bc0a6fab5be9ba9d9 | Triage

Sharing

General

Target

file.exe
Size

368KB
Sample

230105-tx3pwsce77
MD5

72a188543585bf92a5d27d7d96577930
SHA1

883a046e79a4329cc05f904b82e270b0e31b96e6
SHA256

ce242ead59347522c60dfafc0b258a08449328691cf3742bc0a6fab5be9ba9d9
SHA512

260d76cf99ac63493e39b46e481d8783211fe15ddf1ca8689bcf80d60ce45fe870f81a33d5d64a8884ad5c9d3269cbe77faf721cb1f6381faf031949bc1610d6
SSDEEP

6144:Owz57pOFlpDofcQdKU8CvGJlcWwoKHL4YZUoWt6:Owz5UpMKbgWw5HcY

Score

10^/10

vidar 813 spyware stealer

Malware Config

Extracted

Family

vidar

Version

1.8

Botnet

813

C2

https://t.me/year2023start

https://steamcommunity.com/profiles/76561199467421923

Attributes

profile_id
813

Targets

- Target
  
  file.exe
- Size
  
  368KB
- MD5
  
  72a188543585bf92a5d27d7d96577930
- SHA1
  
  883a046e79a4329cc05f904b82e270b0e31b96e6
- SHA256
  
  ce242ead59347522c60dfafc0b258a08449328691cf3742bc0a6fab5be9ba9d9
- SHA512
  
  260d76cf99ac63493e39b46e481d8783211fe15ddf1ca8689bcf80d60ce45fe870f81a33d5d64a8884ad5c9d3269cbe77faf721cb1f6381faf031949bc1610d6
- SSDEEP
  
  6144:Owz57pOFlpDofcQdKU8CvGJlcWwoKHL4YZUoWt6:Owz5UpMKbgWw5HcY
Score

10^/10

vidar 813 stealer spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar813stealer

behavioral2

vidar813spywarestealer