vidar | 633dfc0b22644c468cfb0c0b7f1fefc791501626be96b7db31ecd171dca395f0 | Triage

Sharing

General

Target

Lightroom_debloated.exe
Size

402KB
Sample

230217-venzfsfh81
MD5

db3fd41ee2c887d662242dad2c37a2a6
SHA1

4e814d2566f8c80da83a63a9ab89ae71bb6d49dd
SHA256

633dfc0b22644c468cfb0c0b7f1fefc791501626be96b7db31ecd171dca395f0
SHA512

85a40796f9e76691dcc7c22a8574b8c5c4f2dc19cce70ce40efd608f9f109ba91629570fd4d75f18fc3cc408feff33207b9430b053333e7912d647133512675a
SSDEEP

12288:pPQKZKtOQL2O7Pp7GfEhMb0lM7xjWLuy3:pPQftc6Pp6fbWL/

Score

10^/10

vidar 408 stealer

Malware Config

Extracted

Family

vidar

Version

2.1

Botnet

408

C2

https://t.me/jetbim

https://steamcommunity.com/profiles/76561199471266194

Attributes

profile_id
408

Targets

- Target
  
  Lightroom_debloated.exe
- Size
  
  402KB
- MD5
  
  db3fd41ee2c887d662242dad2c37a2a6
- SHA1
  
  4e814d2566f8c80da83a63a9ab89ae71bb6d49dd
- SHA256
  
  633dfc0b22644c468cfb0c0b7f1fefc791501626be96b7db31ecd171dca395f0
- SHA512
  
  85a40796f9e76691dcc7c22a8574b8c5c4f2dc19cce70ce40efd608f9f109ba91629570fd4d75f18fc3cc408feff33207b9430b053333e7912d647133512675a
- SSDEEP
  
  12288:pPQKZKtOQL2O7Pp7GfEhMb0lM7xjWLuy3:pPQftc6Pp6fbWL/
Score

10^/10

vidar 408 stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

vidar408stealer

behavioral2

vidar408stealer