vidar | b1409e4164653c84aa885d412ce263d7fdf16686bb3553c4e2ab6730e717baf0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

7.3MB
Sample

230111-3rp2aaae9s
MD5

d9edd0eca0ce1dc5479efbc4fabe5555
SHA1

b822e11a02989c9240e9e472a698193b4bb430d9
SHA256

b1409e4164653c84aa885d412ce263d7fdf16686bb3553c4e2ab6730e717baf0
SHA512

650294c8c273ff3ce637cb4e2f7cf77b44160fdf1bb9f96c8fc4bc6ab1c2ed3e1c448372cbd5a226250c1247fb808e9660852a95a9711decd54d7c6cdd221efb
SSDEEP

98304:1gpoabPh5DbADay2pNRaH7+YDxUh/9errWeq3zQAtS:1g6arhJADHMCHyYDy4Pnq3zlt

Score

10^/10

vidar 595 spyware stealer

Malware Config

Extracted

Family

vidar

Version

2

Botnet

595

C2

https://t.me/tgdatapacks

https://steamcommunity.com/profiles/76561199469677637

Attributes

profile_id
595

Targets

- Target
  
  file.exe
- Size
  
  7.3MB
- MD5
  
  d9edd0eca0ce1dc5479efbc4fabe5555
- SHA1
  
  b822e11a02989c9240e9e472a698193b4bb430d9
- SHA256
  
  b1409e4164653c84aa885d412ce263d7fdf16686bb3553c4e2ab6730e717baf0
- SHA512
  
  650294c8c273ff3ce637cb4e2f7cf77b44160fdf1bb9f96c8fc4bc6ab1c2ed3e1c448372cbd5a226250c1247fb808e9660852a95a9711decd54d7c6cdd221efb
- SSDEEP
  
  98304:1gpoabPh5DbADay2pNRaH7+YDxUh/9errWeq3zQAtS:1g6arhJADHMCHyYDy4Pnq3zlt
Score

10^/10

vidar 595 stealer spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar595stealer

behavioral2

vidar595spywarestealer