vidar | fb2ef1a23aa1b96181abca7cfe5bb6d3a596b231827fc47e987e5eace32ce492 | Triage

Sharing

General

Target

a769dd83f6ccc4d3d10909e05db8a6a5.bin
Size

6.5MB
Sample

230130-xyn5nsde6w
MD5

4dddde1b6dbcf3062b820d3f9c6c137f
SHA1

d30d9d72cd38a7ddc837bc2952f98bd84b921e21
SHA256

fb2ef1a23aa1b96181abca7cfe5bb6d3a596b231827fc47e987e5eace32ce492
SHA512

abaf29a21aa0ffa7ab0070356ec3b7b9ff7931236509648c8993a7e8aff5728670b951f965c6f797971bc3717b762170cdb29bb3b7b8b6f30cf8f90013e050aa
SSDEEP

196608:z96vWb290bFRGdTLJkSn5xh2+X5kWJtKSwym:x6vW20bFYdTLjfhPHESwym

Score

10^/10

vidar 724 stealer

Malware Config

Extracted

Family

vidar

Version

1.9

Botnet

724

C2

https://t.me/travelticketshop

https://steamcommunity.com/profiles/76561199469016299

Attributes

profile_id
724

Targets

- Target
  
  c75896d6b6b174b67da677111e492a91a36f26db73990d199ec4d3ef7fefed42.exe
- Size
  
  8.0MB
- MD5
  
  a769dd83f6ccc4d3d10909e05db8a6a5
- SHA1
  
  f0e8c223c4abb4eb7add861e07db673b2b24f940
- SHA256
  
  c75896d6b6b174b67da677111e492a91a36f26db73990d199ec4d3ef7fefed42
- SHA512
  
  4d95f026f0c7015e6e79b4473f961f10a7913253722c15390b6341881405e949177eb4b25011b3c52964cbf2391a250aaf0c3b2a24abbb2a2427a5fe684e1945
- SSDEEP
  
  98304:3HJq9puM6Wlfn1Wx1njeWEo8llaf7dWYmjs97sOqsR3AEz/HGwJJXW4SS5eh26:389puMHfm1jedD7aP9B/3Tz/HGOWMeo
Score

10^/10

vidar 724 stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Blocklisted process makes network request
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vidar724stealer