vidar | 12b053ff554ab6a4db909b0ee33f419b09f1f0f8a6612ae9773db3451e6d166a | Triage

Sharing

General

Target

12b053ff554ab6a4db909b0ee33f419b09f1f0f8a6612ae9773db3451e6d166a
Size

2.0MB
Sample

230206-17cd1sbd4w
MD5

e3ab1a19bbe6091e10550086c676e189
SHA1

2d70248fc6fec261971b4b74c09794d55239e8f5
SHA256

12b053ff554ab6a4db909b0ee33f419b09f1f0f8a6612ae9773db3451e6d166a
SHA512

1ffe050189a14f9cbd1faa7390463d0ed39e8ca0270d21796017cf216539436149c82d5ce7d1b65b7661afd7a756b34cb86c6615bc7c11041a122f1c600c8b85
SSDEEP

12288:ItI83H5skVTTE5ZhYBZ4AZa7tbsQDysckC0eh9/5z9:IpsLOBZ4oaDen

Score

10^/10

vidar 694 spyware stealer

Malware Config

Extracted

Family

vidar

Version

2.4

Botnet

694

Attributes

profile_id
694

Targets

- Target
  
  12b053ff554ab6a4db909b0ee33f419b09f1f0f8a6612ae9773db3451e6d166a
- Size
  
  2.0MB
- MD5
  
  e3ab1a19bbe6091e10550086c676e189
- SHA1
  
  2d70248fc6fec261971b4b74c09794d55239e8f5
- SHA256
  
  12b053ff554ab6a4db909b0ee33f419b09f1f0f8a6612ae9773db3451e6d166a
- SHA512
  
  1ffe050189a14f9cbd1faa7390463d0ed39e8ca0270d21796017cf216539436149c82d5ce7d1b65b7661afd7a756b34cb86c6615bc7c11041a122f1c600c8b85
- SSDEEP
  
  12288:ItI83H5skVTTE5ZhYBZ4AZa7tbsQDysckC0eh9/5z9:IpsLOBZ4oaDen
Score

10^/10

vidar 694 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar694spywarestealer

behavioral2

vidar694spywarestealer