vidar | 19f69d5de7811b810305e1b5c5dd32bc3079a4d3a69771b3dacca34206398747 | Triage

Sharing

General

Target

FlStudio20.9.2.zip
Size

12.8MB
Sample

230202-te5rjahf5v
MD5

39f52837f2e255622483db242e1d2387
SHA1

3d1a6afd1ff080ea82e739e02a8e1fbe05ec892a
SHA256

19f69d5de7811b810305e1b5c5dd32bc3079a4d3a69771b3dacca34206398747
SHA512

27a6ae5aca2973e50427fceca42f46b385a4d42d947da1986fc9fdefb9c703cc8510d3bf493c06326aa668f67a1cd992d1867321c6ccdc158c53e2c67d976da8
SSDEEP

393216:7xIriTHJOJFy6McIVL5AdyrwdrGFLxLkXkRG/yc:79VOX0/LzwdkqAG/yc

Score

10^/10

vidar 408 spyware stealer

Malware Config

Extracted

Family

vidar

Version

2.3

Botnet

408

C2

https://t.me/mantarlars

https://steamcommunity.com/profiles/76561199474840123

Attributes

profile_id
408

Targets

- Target
  
  FlStudio20.9.2.exe
- Size
  
  761.7MB
- MD5
  
  7dbbd9cb789eef6634df521458707a8e
- SHA1
  
  8b145b3a1b8fa985c5951b05a4ea23282e462d6e
- SHA256
  
  2ddfeb81cc6f577c6a572d95a9c901f5267df76f102de15570d29766cfe0e469
- SHA512
  
  700e0455c0cd79aebd110348706f81c19b43c16c8813009a484e108d99c5f9b2cb94bce93a9c3e73848951eeb39619bd306c24f4ac03f960dee80749e7af1dc3
- SSDEEP
  
  98304:I2Gp2qVeoJAYyFClDOSAJBZO+os/ATYCVN/4AINYYh3yQdSo:wlrJAY55OnT6sNC/45Nxzd/
Score

10^/10

vidar 408 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  bin.dll
- Size
  
  7KB
- MD5
  
  d3b681d68824ea81f52c7d6b4a179da0
- SHA1
  
  e944d64e8fb400d10f65dc0f1fc6c3ec01fbb16f
- SHA256
  
  0985cefa256ac47b7298fb2f555c2087915b9682441487cd8171d5fe2c76c5db
- SHA512
  
  78e6a4757e2cd851748fa7add9e1e9091b17979612c6a7c0989afcecde3076d5d9cf87d695baf7a86a205a338c83bc07013e0a8bf1673eb0a3b69493b8807011
- SSDEEP
  
  6:qMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6:n
Score

1^/10
behavioral3 behavioral4
- Target
  
  file.dll
- Size
  
  7KB
- MD5
  
  d3b681d68824ea81f52c7d6b4a179da0
- SHA1
  
  e944d64e8fb400d10f65dc0f1fc6c3ec01fbb16f
- SHA256
  
  0985cefa256ac47b7298fb2f555c2087915b9682441487cd8171d5fe2c76c5db
- SHA512
  
  78e6a4757e2cd851748fa7add9e1e9091b17979612c6a7c0989afcecde3076d5d9cf87d695baf7a86a205a338c83bc07013e0a8bf1673eb0a3b69493b8807011
- SSDEEP
  
  6:qMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6:n
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408spywarestealer

behavioral2

vidar408spywarestealer

behavioral3

behavioral4

behavioral5

behavioral6