vidar | a0011af87d955b5f102024112e88d51bd0a43673245fb98bd546294b79c65448 | Triage

Sharing

General

Target

b4a57b62569ee1ccb1c2dae148488dc9e37d738f0fed4f0a6e144caeb910f546_payload.bin
Size

1.6MB
Sample

230220-mw1qksaf92
MD5

8253786095516f65bb5d94e994e0dd8d
SHA1

e1c41a79363b3a9c0e5309ff7db0b57690c42b95
SHA256

a0011af87d955b5f102024112e88d51bd0a43673245fb98bd546294b79c65448
SHA512

d1a601e30e72a2f22d4e1ce6bffce2b5cb0f9c7baf151903592055c11bff7e1c01bf41aeeb7ae59fae0eef5396994af711af120fc532a8ea208c7b792cac850b
SSDEEP

12288:dfGN/p5hM4+kLcU0Sx24cAa4cb6ZnuudoNssAlheGWEGfd/Y6zUCbV4JZmlnoU:Jq/ZM4+TnqvnWttYqUgegoU

Score

10^/10

vidar 903 spyware stealer

Malware Config

Extracted

Family

vidar

Version

2.4

Botnet

903

Attributes

profile_id
903

Targets

- Target
  
  b4a57b62569ee1ccb1c2dae148488dc9e37d738f0fed4f0a6e144caeb910f546_payload.bin
- Size
  
  1.6MB
- MD5
  
  8253786095516f65bb5d94e994e0dd8d
- SHA1
  
  e1c41a79363b3a9c0e5309ff7db0b57690c42b95
- SHA256
  
  a0011af87d955b5f102024112e88d51bd0a43673245fb98bd546294b79c65448
- SHA512
  
  d1a601e30e72a2f22d4e1ce6bffce2b5cb0f9c7baf151903592055c11bff7e1c01bf41aeeb7ae59fae0eef5396994af711af120fc532a8ea208c7b792cac850b
- SSDEEP
  
  12288:dfGN/p5hM4+kLcU0Sx24cAa4cb6ZnuudoNssAlheGWEGfd/Y6zUCbV4JZmlnoU:Jq/ZM4+TnqvnWttYqUgegoU
Score

10^/10

vidar 903 stealer spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar903stealer

behavioral2

vidar903spywarestealer