vidar | 2ddfeb81cc6f577c6a572d95a9c901f5267df76f102de15570d29766cfe0e469 | Triage

Sharing

General

Target

AdobePremiere2022.exe
Size

761.7MB
Sample

230202-ssl1xabf86
MD5

7dbbd9cb789eef6634df521458707a8e
SHA1

8b145b3a1b8fa985c5951b05a4ea23282e462d6e
SHA256

2ddfeb81cc6f577c6a572d95a9c901f5267df76f102de15570d29766cfe0e469
SHA512

700e0455c0cd79aebd110348706f81c19b43c16c8813009a484e108d99c5f9b2cb94bce93a9c3e73848951eeb39619bd306c24f4ac03f960dee80749e7af1dc3
SSDEEP

98304:I2Gp2qVeoJAYyFClDOSAJBZO+os/ATYCVN/4AINYYh3yQdSo:wlrJAY55OnT6sNC/45Nxzd/

Score

10^/10

vidar 408 spyware stealer

Malware Config

Extracted

Family

vidar

Version

2.3

Botnet

408

C2

https://t.me/mantarlars

https://steamcommunity.com/profiles/76561199474840123

Attributes

profile_id
408

Targets

- Target
  
  AdobePremiere2022.exe
- Size
  
  761.7MB
- MD5
  
  7dbbd9cb789eef6634df521458707a8e
- SHA1
  
  8b145b3a1b8fa985c5951b05a4ea23282e462d6e
- SHA256
  
  2ddfeb81cc6f577c6a572d95a9c901f5267df76f102de15570d29766cfe0e469
- SHA512
  
  700e0455c0cd79aebd110348706f81c19b43c16c8813009a484e108d99c5f9b2cb94bce93a9c3e73848951eeb39619bd306c24f4ac03f960dee80749e7af1dc3
- SSDEEP
  
  98304:I2Gp2qVeoJAYyFClDOSAJBZO+os/ATYCVN/4AINYYh3yQdSo:wlrJAY55OnT6sNC/45Nxzd/
Score

10^/10

vidar 408 stealer spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408stealer

behavioral2

vidar408spywarestealer