vidar | 6511d09ada2bc11a95c06bd20abb66f450b9b2a6ed1f00c723401884ce7a2e61 | Triage

Sharing

General

Target

Smaller.exe
Size

3.8MB
Sample

230202-v7jv7saa5w
MD5

494e03d339c4b84f71f0c122de940860
SHA1

85152244f96b8a76ece7a26ba1db4eded3715b80
SHA256

6511d09ada2bc11a95c06bd20abb66f450b9b2a6ed1f00c723401884ce7a2e61
SHA512

5acc6fad0a576e16cb23d3058e9e186ee8bac9957c22bb6ba0c71214261596b627506a7f07f8d29b53d605762e45bed36cf48123f94d4a510f98cc1b1bf85c61
SSDEEP

98304:aVZ0gaAV265MWQT+VagEfsjjTNKBxeY19ICtHm:C3h2ChRogXjXNKBxemtHm

Score

10^/10

vidar 408 spyware stealer

Malware Config

Extracted

Family

vidar

Version

2.2

Botnet

408

C2

https://t.me/litlebey

https://steamcommunity.com/profiles/76561199472399815

Attributes

profile_id
408

Targets

- Target
  
  Smaller.exe
- Size
  
  3.8MB
- MD5
  
  494e03d339c4b84f71f0c122de940860
- SHA1
  
  85152244f96b8a76ece7a26ba1db4eded3715b80
- SHA256
  
  6511d09ada2bc11a95c06bd20abb66f450b9b2a6ed1f00c723401884ce7a2e61
- SHA512
  
  5acc6fad0a576e16cb23d3058e9e186ee8bac9957c22bb6ba0c71214261596b627506a7f07f8d29b53d605762e45bed36cf48123f94d4a510f98cc1b1bf85c61
- SSDEEP
  
  98304:aVZ0gaAV265MWQT+VagEfsjjTNKBxeY19ICtHm:C3h2ChRogXjXNKBxemtHm
Score

10^/10

vidar 408 stealer spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408stealer

behavioral2

vidar408spywarestealer