vidar | c3b25b89a0523486ba5b6da256cebcaf4bc386c9ce5c38047a2b6efc054d2d51 | Triage

Sharing

General

Target

Setup.exe
Size

455KB
Sample

230208-p87qrsah27
MD5

6b547d1da1d61dea80abd9bec8d2fd3e
SHA1

6fc46301e375366a9c1349507ebb6ac705fa22cf
SHA256

c3b25b89a0523486ba5b6da256cebcaf4bc386c9ce5c38047a2b6efc054d2d51
SHA512

3fe6168f0d8f1d8e379126d8f043794538fcc68ec9a564670d3624dc83aa12f08c08062acc4d94243e1b2b949aabb3ba1caea95de1418eccc9b333880ef87edb
SSDEEP

12288:POO8GlbYax2Q2ceYFXphphgJviDyoZBXhd:LNBbhesjpGqhHxd

Score

10^/10

vidar 408 spyware stealer

Malware Config

Extracted

Family

vidar

Version

2.4

Botnet

408

Attributes

profile_id
408

Targets

- Target
  
  Setup.exe
- Size
  
  455KB
- MD5
  
  6b547d1da1d61dea80abd9bec8d2fd3e
- SHA1
  
  6fc46301e375366a9c1349507ebb6ac705fa22cf
- SHA256
  
  c3b25b89a0523486ba5b6da256cebcaf4bc386c9ce5c38047a2b6efc054d2d51
- SHA512
  
  3fe6168f0d8f1d8e379126d8f043794538fcc68ec9a564670d3624dc83aa12f08c08062acc4d94243e1b2b949aabb3ba1caea95de1418eccc9b333880ef87edb
- SSDEEP
  
  12288:POO8GlbYax2Q2ceYFXphphgJviDyoZBXhd:LNBbhesjpGqhHxd
Score

10^/10

vidar 408 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar408spywarestealer

behavioral2

vidar408spywarestealer