vidar

Sharing

Copy URL

Twitter E-mail

General

Target

Setup.rar
Size

6.7MB
Sample

230204-zzq2rsef55
MD5

fcedea00be689e2af3ae1043242e5077
SHA1

db509baceeb7610c165b4d5042bb7ea562eb1620
SHA256

eb4a7d75e1661dc1d9e158317a788eaf1c280da115c0c78662d0cba514b1e59b
SHA512

3d4578cb24e5abc9959c2579c3b405358e7e7a664d418ccd844fce7af8a6f1bbd6cfd9cce69a0e43c0513e7cfc2c8f545a1545ea425595377534dae840b13656
SSDEEP

196608:PYWdEDom53foHJix3r7ZVVwkNynwYWdElomWmfoH39ZVdwkx:PYXv1f+ox3rVjRDYXl5f+3zrRx

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

2.3

Botnet

408

https://t.me/mantarlars

https://steamcommunity.com/profiles/76561199474840123

Attributes

profile_id
408

Targets

- Target
  
  Setup.rar
- Size
  
  6.7MB
- MD5
  
  fcedea00be689e2af3ae1043242e5077
- SHA1
  
  db509baceeb7610c165b4d5042bb7ea562eb1620
- SHA256
  
  eb4a7d75e1661dc1d9e158317a788eaf1c280da115c0c78662d0cba514b1e59b
- SHA512
  
  3d4578cb24e5abc9959c2579c3b405358e7e7a664d418ccd844fce7af8a6f1bbd6cfd9cce69a0e43c0513e7cfc2c8f545a1545ea425595377534dae840b13656
- SSDEEP
  
  196608:PYWdEDom53foHJix3r7ZVVwkNynwYWdElomWmfoH39ZVdwkx:PYXv1f+ox3rVjRDYXl5f+3zrRx
Score

3^/10
behavioral1 behavioral2
- Target
  
  Setup/Application.exe
- Size
  
  761.7MB
- MD5
  
  e9b86872f7ccb57f84737364128b7cc9
- SHA1
  
  cc4edb90af92ae6b3e3122e6c3f35ed8f2b6d895
- SHA256
  
  3a87f4c5773d261302d59628ecd88ef4de554c5d8ff90bdc0876c2d780779ddf
- SHA512
  
  863e31eed9e359b89d121d5730a1350c37c757d1e3ae3f1fdfcc2d67a56eb6c5a19610a6234025530376f22c2a5c4f7d8bb329f276f95f753a2c15a46379e393
- SSDEEP
  
  12288:Dudb7OgMxQ0Q2hxPSmIcqMvqYUtirJuD1mK3h1fNQ:S9n70Q2hZSmIcq6qjTb3/NQ
Score

10^/10

vidar 408 spyware stealer upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  Setup/Locales/ca.pak
- Size
  
  319KB
- MD5
  
  d8f581d4b51456a5a35441c92f4472d9
- SHA1
  
  2c4efb6763957ca04db317c06147d37ea819f869
- SHA256
  
  e33c02b937c56ea5e9e9859516aea5c54ac4af7cbe188a6f17e9d3e8f282516f
- SHA512
  
  f9433d12bef2dac4c8813136237c2760cfcae87099368c8bc2447f54b73880cd2f29676edb588b7e5f7d569877fdda290939d8997d2b4c66fc9b3b032284981c
- SSDEEP
  
  6144:OPe5SiatVLURCwR/PJsi8v5MGsDk+O/muls3Vx3ECSZ3n4eZQlrmwwVPMLLbcRBo:OP2SNVLURCwR/PJsi8v5MGsDk+O/muly
Score

3^/10
behavioral5 behavioral6
- Target
  
  Setup/Locales/cs.pak
- Size
  
  327KB
- MD5
  
  2a0cf0a8a2a45da8cc44adf47bbe5cba
- SHA1
  
  f29e257d23cf5a7e881be277cf0b3ae3b59742e1
- SHA256
  
  b3977c1243ff03a035fbe859c1aa9a44c243283c17601979823fa59c229ea2fe
- SHA512
  
  073bba4a62617dc5f6a3d1dd874451fbde5ba08e7a09a2935d1b772031db8b5be10b9f47a099076acf3cd1a29bcd4ceb6116755cdb3240f44fa94c9244a9b5b2
- SSDEEP
  
  6144:Ght+SgKAwa5QlAozP15ym//lDJ/V8QRsm:mJPAwaGvP15ym3lDlj
Score

3^/10
behavioral7 behavioral8
- Target
  
  Setup/Locales/da.pak
- Size
  
  297KB
- MD5
  
  e937a36e7f898438dc93fb4a863e4075
- SHA1
  
  7aeba27fa3c227b2eb4a96ffc8f6316ba10214c6
- SHA256
  
  733ed8cd18a767af16cbb233f67497215d950114525d814b9bc09a87594878df
- SHA512
  
  c3aee3822891dd0f317e240fc490ad8ec57f5aae7a54ef37d16b247b782fb7aeaff55b4928e1b3e957c7ff0542368a71b5c9bb7003b12c2eaa37dd80d458167c
- SSDEEP
  
  6144:t98EnUeoE5JvKq+xLOmwUKJJDe26swU1L0F5+AzO2F61zZhip:nFib2453
Score

3^/10
behavioral10 behavioral9
- Target
  
  Setup/Locales/de.pak
- Size
  
  326KB
- MD5
  
  14f8f2f240b301d114f5b4e4ab5b8e0a
- SHA1
  
  0bcb1d2615e33eade38b2e3363abc1dea1151755
- SHA256
  
  f4d2c292d2ffc4e75e1064f1829db1d8d4d13a3d96aa3548b9bbebdde338f9b5
- SHA512
  
  05f86eb4dad977778ae4ab4f748e0798aa20464c68afdc86cebed8e485a0b8456549a6a3d0cfb12bbaea42178d9d5bd89968d4d8eef3887df1e172f4feecc993
- SSDEEP
  
  6144:F9KU5i98V9o/k00+gQF9TMqgxO6H/XphwlL5mq2URSgq:d5ii9o/k00iF9IHJ/X25qOSgq
Score

3^/10
behavioral11 behavioral12
- Target
  
  Setup/Locales/en-GB.pak
- Size
  
  260KB
- MD5
  
  ff3c0eb20df6eadc21b631dab4c325a8
- SHA1
  
  0da2745f1a938d4a2bf136c2210992893ab89481
- SHA256
  
  8b3a34638c29a34ac1dab1e9bf497e24206842dfe43ca691698016da432420a7
- SHA512
  
  d77c3486568936bf47a2194d99afc55e5fbdeb8f7128fada56030cb8bc996e91906a03fad6126ac852ad23287f98d285f82d9319c49e59ce24625c61bc1bb059
- SSDEEP
  
  6144:8adsdJuwP8bWX8qmMz9etivEfaYpk86xbx5WbTek:8bdJjFslMPv986z57k
Score

3^/10
behavioral13 behavioral14
- Target
  
  Setup/Locales/en-US.pak
- Size
  
  264KB
- MD5
  
  d88e338ff3888fce101a75ef0abd85d5
- SHA1
  
  4511a5856d10f69c1735e789c7b147fd3a93af5c
- SHA256
  
  7c803adac2d68a729365e79b3711cfef9cb51566324aa579a62a5347643e0e1f
- SHA512
  
  5af3780f6cd4cfc0657333d498a833f199c843cd9d23f25b80bbd05166c777d7effe7bad80c9b64d2278087dfe35ab88943ea27db7c9ea3cb2f0a44f44e39193
- SSDEEP
  
  6144:XlfQARNT63wWsweMz9etEo8faYGDWz/zV5xcV/wS:1fHRV6gD9MVoXWz554/wS
Score

3^/10
behavioral15 behavioral16
- Target
  
  Setup/Locales/es-419.pak
- Size
  
  317KB
- MD5
  
  32b26b9afb8dd050c0dabf5fa3c5f787
- SHA1
  
  11d0336356a1469727642db8a78d793f7cbf886d
- SHA256
  
  5e3439226db55927497df667b37a37b7c7307db4973ee46d9415c1e337ed4820
- SHA512
  
  f4ead39651e34da95181cfe448dffee8e46f8deaa6b47926b986201ec089d6af9320477311dc1824f1e535f75813cc09194bfbf77cefe573fe5e08f46b88c0d7
- SSDEEP
  
  3072:y1I8rQvEO/A+HVavjTxjze0nL13q+YHWyr8dN5TlQ+sQRBzgm9M:y1ZRO/7HVAmEggdN5KQRBzgm9M
Score

3^/10
behavioral17 behavioral18
- Target
  
  Setup/Locales/es.pak
- Size
  
  317KB
- MD5
  
  232beb6fc6e4f8bef55318958ed60c3c
- SHA1
  
  adfe81da2e24af959ee797b1d1d9d7ecce35b25f
- SHA256
  
  11d1a7d3657c61ff76bc48209330c1e63b826f46d37b0266dc5d690b95abbc9a
- SHA512
  
  326cb3b5774caf8c58dfad237b0cde896a81e049bb9abc4f762593b495105c5062c38692a17e06becb835ca2d66aa0745dc1940566c886b47cd6a26c4e70ad04
- SSDEEP
  
  6144:xQeXGXDDaCygF5PKBlmk5B7sGEPpGO6PZOk8q9:xJXQDDasVo8k5HEPA9
Score

3^/10
behavioral19 behavioral20
- Target
  
  Setup/Locales/et.pak
- Size
  
  286KB
- MD5
  
  1c375c0908a2b1efb0ce0f78bcfb26c2
- SHA1
  
  7a2d7dba8094ce049b41daa2e6cf63cbf00adf07
- SHA256
  
  797feaa296a9e7829ad7c61a4cb21caf58d227dcddb6b09206610a419408fd25
- SHA512
  
  ddc7c97a70a00067e8bf30e31bcba7290629d03997be2135cce37053cde3271c06bc11e119dbb67d55cdd18bccd18dcfeb7d5603c397f5c55d5272e310509338
- SSDEEP
  
  6144:p4lda1pvZ8LMqZBjU+4hbit85g4pwdEyfPQn:p4zYGLM++5z
Score

3^/10
behavioral21 behavioral22
- Target
  
  Setup/Locales/fi.pak
- Size
  
  291KB
- MD5
  
  a14eb6a83d450b6cb446000531905bb4
- SHA1
  
  d189aebc78a6a5ae0467d8681e460b49cf55f357
- SHA256
  
  304302bfed0f9f8a45439d86ee13d96060a3369ebf821ffa4fd779dc07f75080
- SHA512
  
  f36184300460185bc9a6418d56d3648b48b438b2a35a7dd0929a6a5ab096636ad4cf4811a6bf6b5bed78049a0671e1f471d24df6c8625e5b3c931fd6b87c1403
- SSDEEP
  
  6144:OgEzuIxpVNqWOEInULq53+o1E918PnRm0qX1w5:OgEaPR53+kE918Pp
Score

3^/10
behavioral23 behavioral24
- Target
  
  Setup/Locales/fil.pak
- Size
  
  329KB
- MD5
  
  392cf9a00dc0bc33ddbc7657c0cedf16
- SHA1
  
  24c694ab66d9a2e6fe5894bfeaccd1dd561090cf
- SHA256
  
  00d42753b54df1ee98ee223f8e0f2af559d6861b8ff38340eced8a74a2822b7f
- SHA512
  
  6251ee72eb2602b3c29126e35f58469291add77e533c8a5c160489c33b099e12af820d94654dbcb2f4cdfeb780f4d47be5d268f485aca40461885e90d97be05b
- SSDEEP
  
  6144:w5pJQa/RHDQ277GI0x0cbJXqGtZ3/5YhhTAH9T8:w5pVSx9D5vS
Score

3^/10
behavioral25 behavioral26
- Target
  
  Setup/Locales/fr.pak
- Size
  
  346KB
- MD5
  
  b23d3b75641a5796d484cf7acdf5388e
- SHA1
  
  b86d33e0531d21dac2794f5bc481113db17052d8
- SHA256
  
  44c03d05283303c00333f1356c738d6ff87708e4ae3f49e04813426082844943
- SHA512
  
  c496a1e626c631c1f4f5b06276e034328911d581fcc6e9f91993021076907fb75c52787a2aa77b903c0379be848b9e3d78d864be06284aae07d9d1d6b0a4cf55
- SSDEEP
  
  6144:uHcQVy19T0JoUX2bwT6r6QuaxVZrwnDv+OQ6rjzMYnYEo3ppmwurspz4kyxx4VJz:u8C09Br6QuaxVYPzMYnYEo3FOsakuxQz
Score

3^/10
behavioral27 behavioral28
- Target
  
  Setup/Locales/he.pak
- Size
  
  404KB
- MD5
  
  ed7894ea84474789c27657e91e7c184a
- SHA1
  
  4b883e05cda2063450f65bbebd53b4269fca79dd
- SHA256
  
  2a12317b35d0863bd3f457e321b7d30812ee00f278d25b7607f9bb6287b00f94
- SHA512
  
  b3b04284c21a63b5a39dc6dc207839db813294e95a5a8571fb8016fd0c27bb8832512c0ff056a5236c0e21d5dcad1570314647437c80b5457d03c192d28f014f
- SSDEEP
  
  12288:dNuRW5zrEBdp1h2U+MhI6011D35OGOMKK5iVRD8GVQcL:DKa5i
Score

3^/10
behavioral29 behavioral30
- Target
  
  Setup/Locales/hr.pak
- Size
  
  316KB
- MD5
  
  cc69a93d29843651c525f43d08b42b28
- SHA1
  
  94d7c7c95e9390996144623e19a45deadf918104
- SHA256
  
  bd17debf1cf886d655bfd749ccd5880f3596faa3d40ee50573b651942d60ace2
- SHA512
  
  d98cacbdeff1c11903bc1b4e1d98ce294136fb1421af62ffc0e229f8c4edd401e69f489610157c3d2dc2e4d3789ddba189136821fc54eb15f31bb36cd10aeb13
- SSDEEP
  
  3072:Q7tzXt2fbDjCtSi+OSBH0uP5xnCV9ZnTC0tl56ttJdeVOGOZYuiEs4W3m3q1+l3P:Q5kuB95pB5XHC
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Accesses 2FA software files, possible credential harvesting

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32