vidar

General

Target

Autocad.rar
Size

6.7MB
Sample

230205-zxe7gsah35
MD5

ed1765de20e6e9ce0dce365cc44bbb95
SHA1

3eae0ae6f49805f62b41f5f1a281b070a78e078e
SHA256

91ebf6363618e6a388a917be54ffadff962c781628224f661ec229689260c6e0
SHA512

72093921f870dbb6ed14b9ff842aa9a630b0a855572ee31facaf49aa6b8b359e2155f5a93df396381bbc679c0676bdd11221dab3f53fe7b7bc5ba2b9994e5b83
SSDEEP

196608:HPm7AdCDOzAII2MC4pJGDJc0fSFxp/dsPHLEs1Trd:vm78CDOD3MC4TGNc0fSd/4LEs1/d

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

2.3

Botnet

408

C2

https://t.me/mantarlars

https://steamcommunity.com/profiles/76561199474840123

Attributes

profile_id
408

Targets

- Target
  
  Autocad.exe
- Size
  
  761.7MB
- MD5
  
  8467cac7efc8e21527b063e55a324dfc
- SHA1
  
  8b023d467c51d67bf962692f09a2bcbe85e6bbf9
- SHA256
  
  3a03dfba23ff1e3c345a77eb7691ea21a5994d1918800c1d9aeed0efd1626602
- SHA512
  
  259defa1fcb9a7c6c7d7635db5b1a351884d350adf6bbb68d7367e353fbedc0f3c4e656b0912a74dc3ce054e6cdf36265a0ee49fa19aca0e0e7f04b761b801a3
- SSDEEP
  
  12288:ZdyG7eqXwOR4eXccvuOq4KvEdj49lik1CAZjWthFoTmi:VyeR4jMujbMdk9TCAZjWthFY
Score

10^/10

vidar 408 spyware stealer upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  bin.dll
- Size
  
  7KB
- MD5
  
  d3b681d68824ea81f52c7d6b4a179da0
- SHA1
  
  e944d64e8fb400d10f65dc0f1fc6c3ec01fbb16f
- SHA256
  
  0985cefa256ac47b7298fb2f555c2087915b9682441487cd8171d5fe2c76c5db
- SHA512
  
  78e6a4757e2cd851748fa7add9e1e9091b17979612c6a7c0989afcecde3076d5d9cf87d695baf7a86a205a338c83bc07013e0a8bf1673eb0a3b69493b8807011
- SSDEEP
  
  6:qMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6:n
Score

1^/10
behavioral3 behavioral4
- Target
  
  file.dll
- Size
  
  7KB
- MD5
  
  d3b681d68824ea81f52c7d6b4a179da0
- SHA1
  
  e944d64e8fb400d10f65dc0f1fc6c3ec01fbb16f
- SHA256
  
  0985cefa256ac47b7298fb2f555c2087915b9682441487cd8171d5fe2c76c5db
- SHA512
  
  78e6a4757e2cd851748fa7add9e1e9091b17979612c6a7c0989afcecde3076d5d9cf87d695baf7a86a205a338c83bc07013e0a8bf1673eb0a3b69493b8807011
- SSDEEP
  
  6:qMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6:n
Score

1^/10
behavioral5 behavioral6