vidar | c08e2ca15e8534820ef3b1241054cbdb4a62a2cd56f21a153695554f5a79b783 | Triage

Submit
Reports

Overview

overview

Static

static

1

Applicatio...ed.exe

windows7-x64

Applicatio...ed.exe

windows10-2004-x64

Sharing

General

Target

Application_debloated.exe
Size

3.8MB
Sample

230207-vs9hbach48
MD5

29d8b6368c5a7b9fec94b107baaa7329
SHA1

e5186b8a1c4b0b9b8cefe699e80e5554cd6a0546
SHA256

c08e2ca15e8534820ef3b1241054cbdb4a62a2cd56f21a153695554f5a79b783
SHA512

f9c7d9813d64764369baa4bc8af7cd85b4cb4523ee156d41f9cbc75d2e04ec4bac2040a14ebf7b56e883c8d5b795f620ff5d8a9aa9fbfce7e8eff38417684eab
SSDEEP

98304:I2Gp2qVeoJAYyFClDOSAJBZO+os/ATYCVN/4AINYYh3yQdS:wlrJAY55OnT6sNC/45Nxzd

Score

10^/10

vidar 408 spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

Application_debloated.exe

Resource

win7-20220901-en

vidar 408 stealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Application_debloated.exe

Resource

win10v2004-20220812-en

vidar 408 spyware stealer upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

2.3

Botnet

408

C2

https://t.me/mantarlars

https://steamcommunity.com/profiles/76561199474840123

Attributes

profile_id
408

Targets

- Target
  
  Application_debloated.exe
- Size
  
  3.8MB
- MD5
  
  29d8b6368c5a7b9fec94b107baaa7329
- SHA1
  
  e5186b8a1c4b0b9b8cefe699e80e5554cd6a0546
- SHA256
  
  c08e2ca15e8534820ef3b1241054cbdb4a62a2cd56f21a153695554f5a79b783
- SHA512
  
  f9c7d9813d64764369baa4bc8af7cd85b4cb4523ee156d41f9cbc75d2e04ec4bac2040a14ebf7b56e883c8d5b795f620ff5d8a9aa9fbfce7e8eff38417684eab
- SSDEEP
  
  98304:I2Gp2qVeoJAYyFClDOSAJBZO+os/ATYCVN/4AINYYh3yQdS:wlrJAY55OnT6sNC/45Nxzd
Score

10^/10

vidar 408 stealer spyware upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408stealer

behavioral2

vidar408spywarestealerupx

© 2018-2024

Terms | Privacy