vidar | 9b7c71c299faeabcbe450a3a14da0579db63dcb86be807c1ab47389205048712 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

3.8MB
Sample

230201-pll6jsfa6w
MD5

d840a2c72a512dd1216b6a9d55064bdb
SHA1

92d6ab58ac492ed6a5819663c729678d37c4a16b
SHA256

9b7c71c299faeabcbe450a3a14da0579db63dcb86be807c1ab47389205048712
SHA512

70174c32c37d59d044025912453e327d880ac953679237daa3b71c7b40be4011b3784c04dd418462f3023870a1a506885657e8c5b6c3ed367ee45584a4492834
SSDEEP

24576:5zD5WoDpbTNjS0kfrdX77+p4N+WaB0+X0smhKpcE0RMfAGea1713LBpN8Xw/d:HWX77+PV0bsoKpcE0VGean3LRSg

Score

10^/10

vidar 886 spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20221111-en

vidar 886 spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

2.3

Botnet

886

C2

https://t.me/mantarlars

https://steamcommunity.com/profiles/76561199474840123

Attributes

profile_id
886

Targets

- Target
  
  file.exe
- Size
  
  3.8MB
- MD5
  
  d840a2c72a512dd1216b6a9d55064bdb
- SHA1
  
  92d6ab58ac492ed6a5819663c729678d37c4a16b
- SHA256
  
  9b7c71c299faeabcbe450a3a14da0579db63dcb86be807c1ab47389205048712
- SHA512
  
  70174c32c37d59d044025912453e327d880ac953679237daa3b71c7b40be4011b3784c04dd418462f3023870a1a506885657e8c5b6c3ed367ee45584a4492834
- SSDEEP
  
  24576:5zD5WoDpbTNjS0kfrdX77+p4N+WaB0+X0smhKpcE0RMfAGea1713LBpN8Xw/d:HWX77+PV0bsoKpcE0VGean3LRSg
Score

10^/10

vidar 886 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar886spywarestealer

behavioral2

© 2018-2024

Terms | Privacy