vidar | ce8686036516da3a149882c1c99e0a5b3a3ea86e75ce76fde7d1ccd91f31f13b | Triage

Sharing

General

Target

FlStudio20.9.2.rar
Size

10.3MB
Sample

230201-1s8tnsee4z
MD5

17122567d07d08eea01304c741278018
SHA1

8f41515cf81e5b3011e5462dff5779c28c7e0ddb
SHA256

ce8686036516da3a149882c1c99e0a5b3a3ea86e75ce76fde7d1ccd91f31f13b
SHA512

62f3596b68bde9ca68b2e53a8cfea37c5df3af44bb249587fc6a938b4c8ddb2d1848ee09b1f437acff4b035357c918309c54d3fadb09360c618321d336bdd302
SSDEEP

196608:oBbUj4hNgFQnMVXkC13OcKBwJzeXmxlSHJiTeGR9Y8LI0J3KqZLxD7HU:o6j4hSXTFKBUze0oiT9M+nZLxn0

Score

10^/10

vidar 408 spyware stealer

Malware Config

Extracted

Family

vidar

Version

2.3

Botnet

408

C2

https://t.me/mantarlars

https://steamcommunity.com/profiles/76561199474840123

Attributes

profile_id
408

Targets

- Target
  
  FlStudio20.9.2.exe
- Size
  
  761.7MB
- MD5
  
  3c578b92dd23970e9bb0f5a8f597e8c8
- SHA1
  
  0a21b23ae9033bfaea50bb016d796edf788490a3
- SHA256
  
  63587837ea2475b2541975621dcb10d047dab0cec92de4151e45a102a7285f82
- SHA512
  
  2796ff58f93f5e007489f8e466856aeb7198dd36b2a1361284a095a184076c5b8c9386104dc8edd02c1d4d0ff69de73e65280f3c7440582f46af703f5a3efbd8
- SSDEEP
  
  98304:CH4fK48pBU2d8uabhLbJVzwI06P8sa4lGOgLjK9L:geBjzw56xa4lGOgvq
Score

10^/10

vidar 408 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408spywarestealer

behavioral2

vidar408spywarestealer