vidar | 44f6100a2d95f01fb7e692367928f9df629c556680bc74fe45011482184c8b61 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

2.7MB
Sample

230209-jvej6sbb78
MD5

d7d08069ca5131d2f153a3a9b60455ff
SHA1

4655fd1d0ab47cd046a8043ed8c3dc2a87c0d5a4
SHA256

44f6100a2d95f01fb7e692367928f9df629c556680bc74fe45011482184c8b61
SHA512

fb6e0aabc699097c4fad820ece0ad9d0ab14d319b18e214e2ce753b7b8c6a6e1574b9fffc7b9bc3afb2935ea0d29fb67bca628707836d937355ba0dcfe78965a
SSDEEP

49152:HCSHvx8vQiFUYisfslgff2KWF+xdguj67gOJLiQiHfsdbpB+oYa1+e:HCSHZy/UY1klTzF6dpXOgQi/a7+Ne

Score

10^/10

vidar 589 spyware stealer

Malware Config

Extracted

Family

vidar

Version

2.4

Botnet

589

Attributes

profile_id
589

Targets

- Target
  
  file.exe
- Size
  
  2.7MB
- MD5
  
  d7d08069ca5131d2f153a3a9b60455ff
- SHA1
  
  4655fd1d0ab47cd046a8043ed8c3dc2a87c0d5a4
- SHA256
  
  44f6100a2d95f01fb7e692367928f9df629c556680bc74fe45011482184c8b61
- SHA512
  
  fb6e0aabc699097c4fad820ece0ad9d0ab14d319b18e214e2ce753b7b8c6a6e1574b9fffc7b9bc3afb2935ea0d29fb67bca628707836d937355ba0dcfe78965a
- SSDEEP
  
  49152:HCSHvx8vQiFUYisfslgff2KWF+xdguj67gOJLiQiHfsdbpB+oYa1+e:HCSHZy/UY1klTzF6dpXOgQi/a7+Ne
Score

10^/10

vidar stealer 589 spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vidar589spywarestealer