vidar

General

Target

9e053d7f64032a506a55bc67afbf5556.bin
Size

256KB
Sample

230116-1myrhshh9v
MD5

48fa341cd278d8c39c7bdb5297e970dc
SHA1

9027657d9abfd3f48a34e0bb19c2f3878bb2bd42
SHA256

4892d95e8c3eb2b49b440d32515aee4842935057143cef29ae7dd1d1d1aa19ca
SHA512

49f5536de407a47fd4ec9d2c405df0aeed9c2d8ed3d549d205b1c1f0e98de7a541ca843a70d49d9e6d6baeda0c0c5807a80b110539032be6fd3b01579e04a7ec
SSDEEP

6144:Vqd0RvjKggqQwiP9VHOVDJQJFqcv5n8K69gEyF6c:VvRGggDPzuVDJQJFZ5nr69gXF6c

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

1.6

Botnet

24

C2

https://t.me/ibommat

https://steamcommunity.com/profiles/76561199446766594

Attributes

profile_id
24

Targets

- Target
  
  5c6da74665a1d13afccd66d58dc20163744abad7cb8d20f06dfce481b6459a9d.exe
- Size
  
  348KB
- MD5
  
  9e053d7f64032a506a55bc67afbf5556
- SHA1
  
  4763f3511fb9041aecd7994f285d40074069ee4b
- SHA256
  
  5c6da74665a1d13afccd66d58dc20163744abad7cb8d20f06dfce481b6459a9d
- SHA512
  
  15585665d1d4b0e8699cacedcbe922aac3db6378586bd16835854dcbcd1e83474c3a73cc6389487f6c26d8aabb31d24d916b43168414c9f09eed8df939458392
- SSDEEP
  
  6144:OCLZhrrWU1OipsHXHFpYcFqpPHJ/QULWEGymI:DthDpsHXlpYcFgVmgm
Score

10^/10

vidar 24 stealer discovery spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Data from Local System

3

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Accesses 2FA software files, possible credential harvesting

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2