vidar | 2059081ffb62478d0bd2481b71a2f1dc34f8cdc6d3ba011c638af4a09e0a846d | Triage

Sharing

General

Target

Valorant.rar
Size

10.1MB
Sample

230203-rg6eqsff48
MD5

f2bd4f3a3ee27669862640f715187ba5
SHA1

6b6afb2d02ac8f85982bf2e41a2a889f6ae138a8
SHA256

2059081ffb62478d0bd2481b71a2f1dc34f8cdc6d3ba011c638af4a09e0a846d
SHA512

46e43fbfb6483008c2e8e3b88c98efd7a2acaf525e2c34bd5e07aa485bc4ba7dd19f02f6fc5082774d6665cc5828a95960a8392ea9c04187e2756d41fb30cab1
SSDEEP

196608:/k7Kt6WIjI5F1UUf/JVNrI7mgK5PNQq7u+gXR2MykL6lv1VP7:/k7nBEFeUX9r/V1NfucXVrVj

Score

10^/10

vidar 408 spyware stealer

Malware Config

Extracted

Family

vidar

Version

2.3

Botnet

408

C2

https://t.me/mantarlars

https://steamcommunity.com/profiles/76561199474840123

Attributes

profile_id
408

Targets

- Target
  
  Valorant.exe
- Size
  
  761.7MB
- MD5
  
  7dbbd9cb789eef6634df521458707a8e
- SHA1
  
  8b145b3a1b8fa985c5951b05a4ea23282e462d6e
- SHA256
  
  2ddfeb81cc6f577c6a572d95a9c901f5267df76f102de15570d29766cfe0e469
- SHA512
  
  700e0455c0cd79aebd110348706f81c19b43c16c8813009a484e108d99c5f9b2cb94bce93a9c3e73848951eeb39619bd306c24f4ac03f960dee80749e7af1dc3
- SSDEEP
  
  98304:I2Gp2qVeoJAYyFClDOSAJBZO+os/ATYCVN/4AINYYh3yQdSo:wlrJAY55OnT6sNC/45Nxzd/
Score

10^/10

vidar 408 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408spywarestealer

behavioral2

vidar408spywarestealer