vidar | e282e8a40a9f9c66e32ff63aa62ea236f642110e79047a3c3d00428df09536a6 | Triage

Sharing

General

Target

Setup.exe
Size

455KB
Sample

230216-vb858aaf66
MD5

46ced715071c8e998a019ec544790ed1
SHA1

0f67f728da0c67ec820d378e589675db03e948df
SHA256

e282e8a40a9f9c66e32ff63aa62ea236f642110e79047a3c3d00428df09536a6
SHA512

26e5988211adb4d8d6899f9545f2b7a25b5e34fdfe775d713087f041392b3fc40eef07ae6deb13e4fc4b68fd9d40d7f03a83516eb44568ff57076fa5d6415385
SSDEEP

12288:OyAELcw3oMjkYvQUbsO15e82fZPMfq3tzWdvoZL9RfMBy:OC15iEidzWRoZ30By

Score

10^/10

vidar 408 spyware stealer

Malware Config

Extracted

Family

vidar

Version

2.5

Botnet

408

Attributes

profile_id
408

Targets

- Target
  
  Setup.exe
- Size
  
  455KB
- MD5
  
  46ced715071c8e998a019ec544790ed1
- SHA1
  
  0f67f728da0c67ec820d378e589675db03e948df
- SHA256
  
  e282e8a40a9f9c66e32ff63aa62ea236f642110e79047a3c3d00428df09536a6
- SHA512
  
  26e5988211adb4d8d6899f9545f2b7a25b5e34fdfe775d713087f041392b3fc40eef07ae6deb13e4fc4b68fd9d40d7f03a83516eb44568ff57076fa5d6415385
- SSDEEP
  
  12288:OyAELcw3oMjkYvQUbsO15e82fZPMfq3tzWdvoZL9RfMBy:OC15iEidzWRoZ30By
Score

10^/10

vidar 408 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408spywarestealer

behavioral2

vidar408spywarestealer