vidar | b2879f9a1efa66ad099fd1d3efa7caabfdcbe785b296816f3e06d84afbcf9128 | Triage

Sharing

General

Target

AdobePhotoshop2023.rar
Size

6.7MB
Sample

230205-yy9l2seb2y
MD5

469bb8c671d4f722fb28b3a05b4e5f61
SHA1

9d64dc26dcdf2159bac87f5d91c6622f2fd6dea0
SHA256

b2879f9a1efa66ad099fd1d3efa7caabfdcbe785b296816f3e06d84afbcf9128
SHA512

abcd98547bfe256652e5ee87013c04ca62af6c61e460e5cb602502b56b57508fe99a71c7baa3403ae0b112578b89839209f79beec4c6829b335f4053d5543601
SSDEEP

196608:LgBLBa37iWqrU/DnDR41mwXACKbSYcUgOLWMiPx+N:yBADqwjD610dbRgOLsxw

Score

10^/10

vidar 408 spyware stealer

Malware Config

Extracted

Family

vidar

Version

2.3

Botnet

408

C2

https://t.me/mantarlars

https://steamcommunity.com/profiles/76561199474840123

Attributes

profile_id
408

Targets

- Target
  
  AdobePhotoshop2023.exe
- Size
  
  761.7MB
- MD5
  
  8467cac7efc8e21527b063e55a324dfc
- SHA1
  
  8b023d467c51d67bf962692f09a2bcbe85e6bbf9
- SHA256
  
  3a03dfba23ff1e3c345a77eb7691ea21a5994d1918800c1d9aeed0efd1626602
- SHA512
  
  259defa1fcb9a7c6c7d7635db5b1a351884d350adf6bbb68d7367e353fbedc0f3c4e656b0912a74dc3ce054e6cdf36265a0ee49fa19aca0e0e7f04b761b801a3
- SSDEEP
  
  12288:ZdyG7eqXwOR4eXccvuOq4KvEdj49lik1CAZjWthFoTmi:VyeR4jMujbMdk9TCAZjWthFY
Score

10^/10

vidar 408 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408spywarestealer

behavioral2

vidar408spywarestealer