vidar | 04fc208575dbe86f6239f612c8eddb0d9587b9c5a2e20ba5e96190f28ea61ce4 | Triage

Submit
Reports

Overview

overview

Static

static

1

Loader.rar

windows7-x64

Loader.rar

windows10-2004-x64

Sharing

General

Target

Loader.rar
Size

1.8MB
Sample

230214-y7xzlsfd91
MD5

20db25a9fea3c1be7c05243f4a785f47
SHA1

93c957661c6fa16cf3444baf2ce5ded53e46feee
SHA256

04fc208575dbe86f6239f612c8eddb0d9587b9c5a2e20ba5e96190f28ea61ce4
SHA512

5e427fb5d5ccc6e38c00d0f6973b12b1075b319306a3beca394a93b792f08fcb9552923478265cdf68acb412eb80e8bc20f4764a577837aaf4ebd15bd9bd6ec9
SSDEEP

49152:SWDAhMeJFuQzcRKrAXNWNCLByJNg8CzPFQrWMlMbKZVl9V:SWDAhM6FEKrA9iCLByJJgFkiYl9V

Score

10^/10

vidar 408 spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Loader.rar

Resource

win7-20221111-en

vidar 408 spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

Loader.rar

Resource

win10v2004-20221111-en

vidar 408 spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

2.5

Botnet

408

Attributes

profile_id
408

Targets

- Target
  
  Loader.rar
- Size
  
  1.8MB
- MD5
  
  20db25a9fea3c1be7c05243f4a785f47
- SHA1
  
  93c957661c6fa16cf3444baf2ce5ded53e46feee
- SHA256
  
  04fc208575dbe86f6239f612c8eddb0d9587b9c5a2e20ba5e96190f28ea61ce4
- SHA512
  
  5e427fb5d5ccc6e38c00d0f6973b12b1075b319306a3beca394a93b792f08fcb9552923478265cdf68acb412eb80e8bc20f4764a577837aaf4ebd15bd9bd6ec9
- SSDEEP
  
  49152:SWDAhMeJFuQzcRKrAXNWNCLByJNg8CzPFQrWMlMbKZVl9V:SWDAhM6FEKrA9iCLByJJgFkiYl9V
Score

10^/10

vidar 408 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408spywarestealer

behavioral2

vidar408spywarestealer

© 2018-2024

Terms | Privacy