vidar | 1e1a94b620ca832df3db9166c3cdb3e2e4da334c04ed6301a7da4ecea586bb12 | Triage

Sharing

General

Target

Setup.exe
Size

451KB
Sample

230216-tx3pwsab91
MD5

8a1ecc6285229de387aefc6c5d3fc6e3
SHA1

0f2232abd9f6fbe0c29aa0a9c2c93f4532d89f9a
SHA256

1e1a94b620ca832df3db9166c3cdb3e2e4da334c04ed6301a7da4ecea586bb12
SHA512

358a85c458a36530d7741bd31b368cd676d7913cc02978addd25f868f5cc6a64bdc23e16c9586e76440e84d6151bb74a6e5ec514f8321ae7312d456f4a3fbd1a
SSDEEP

6144:MUGCyZKR2xcdgN8BMStlQfAk/X0DfU/8utzIPrdWspxFoZDf820w7/6Fip6y/OMW:MUGCp7e82fZPMfq3tzWdvoZL92fMBg

Score

10^/10

vidar 408 spyware stealer

Malware Config

Extracted

Family

vidar

Version

2.5

Botnet

408

Attributes

profile_id
408

Targets

- Target
  
  Setup.exe
- Size
  
  451KB
- MD5
  
  8a1ecc6285229de387aefc6c5d3fc6e3
- SHA1
  
  0f2232abd9f6fbe0c29aa0a9c2c93f4532d89f9a
- SHA256
  
  1e1a94b620ca832df3db9166c3cdb3e2e4da334c04ed6301a7da4ecea586bb12
- SHA512
  
  358a85c458a36530d7741bd31b368cd676d7913cc02978addd25f868f5cc6a64bdc23e16c9586e76440e84d6151bb74a6e5ec514f8321ae7312d456f4a3fbd1a
- SSDEEP
  
  6144:MUGCyZKR2xcdgN8BMStlQfAk/X0DfU/8utzIPrdWspxFoZDf820w7/6Fip6y/OMW:MUGCp7e82fZPMfq3tzWdvoZL92fMBg
Score

10^/10

vidar 408 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408spywarestealer

behavioral2

vidar408spywarestealer