vidar | 281e151f52f90a34a9baeee9c0e39a91bbe2f3b26517a8d15add3c6cac95f2ac | Triage

Sharing

General

Target

DirectX Setup.exe
Size

761.7MB
Sample

230210-sh76dsfb27
MD5

1b7356b8241e9ade1be8625980f43b90
SHA1

76c67ae1ca0a2f5c4bcd36663f85a0114a419217
SHA256

281e151f52f90a34a9baeee9c0e39a91bbe2f3b26517a8d15add3c6cac95f2ac
SHA512

8810c81c00971952324104a8ca2932f82357f1d123df863e489bbbd77047b61f8f035bba63f6a66137252b83c79b48fda6a3d22765317fef198fa4a84905a072
SSDEEP

12288:d8fOB/ocZiIY9RKsnlYqLbvv5z2BywLKW7XID2PI:lB/ocZiIFqLb38VLKk66I

Score

10^/10

vidar 408 spyware stealer

Malware Config

Extracted

Family

vidar

Version

2.4

Botnet

408

Attributes

profile_id
408

Targets

- Target
  
  DirectX Setup.exe
- Size
  
  761.7MB
- MD5
  
  1b7356b8241e9ade1be8625980f43b90
- SHA1
  
  76c67ae1ca0a2f5c4bcd36663f85a0114a419217
- SHA256
  
  281e151f52f90a34a9baeee9c0e39a91bbe2f3b26517a8d15add3c6cac95f2ac
- SHA512
  
  8810c81c00971952324104a8ca2932f82357f1d123df863e489bbbd77047b61f8f035bba63f6a66137252b83c79b48fda6a3d22765317fef198fa4a84905a072
- SSDEEP
  
  12288:d8fOB/ocZiIY9RKsnlYqLbvv5z2BywLKW7XID2PI:lB/ocZiIFqLb38VLKk66I
Score

10^/10

vidar 408 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408spywarestealer

behavioral2

vidar408spywarestealer