vidar | 4720007dc50c1eda6f4aaf5ba8eeebb276ecde68bbf1a146fce899aa2b0c0c1c | Triage

Sharing

General

Target

4720007dc50c1eda6f4aaf5ba8eeebb276ecde68bbf1a146fce899aa2b0c0c1c
Size

430KB
Sample

230319-tb8n1sbb2w
MD5

c310d4e479589d94b6f948a43624d3e0
SHA1

46110b16dfea473ed09db50c9688b47020bc39b0
SHA256

4720007dc50c1eda6f4aaf5ba8eeebb276ecde68bbf1a146fce899aa2b0c0c1c
SHA512

4c39789d30d6e7c543ef8831a73e017856b08219117123ee5f65636f60819f53cccbdff436f50abb75236b7e73a8ed3a6994d2c63335a382779772fb476071cd
SSDEEP

6144:SXa7AHRZ/jjmEhQjolEQZu7k0U4ETThwMdCl24c8rufdhzSxucWJBM:ia7WRxjjmEl0k0wThwMsM7rmIckq

Score

10^/10

vidar 2548f166286a0b36dbfd9f8a1ac09311 stealer

Malware Config

Extracted

Family

vidar

Version

3

Botnet

2548f166286a0b36dbfd9f8a1ac09311

C2

https://t.me/zaskullz

https://steamcommunity.com/profiles/76561199486572327

http://135.181.87.234:80

Attributes

profile_id_v2
2548f166286a0b36dbfd9f8a1ac09311

Targets

- Target
  
  4720007dc50c1eda6f4aaf5ba8eeebb276ecde68bbf1a146fce899aa2b0c0c1c
- Size
  
  430KB
- MD5
  
  c310d4e479589d94b6f948a43624d3e0
- SHA1
  
  46110b16dfea473ed09db50c9688b47020bc39b0
- SHA256
  
  4720007dc50c1eda6f4aaf5ba8eeebb276ecde68bbf1a146fce899aa2b0c0c1c
- SHA512
  
  4c39789d30d6e7c543ef8831a73e017856b08219117123ee5f65636f60819f53cccbdff436f50abb75236b7e73a8ed3a6994d2c63335a382779772fb476071cd
- SSDEEP
  
  6144:SXa7AHRZ/jjmEhQjolEQZu7k0U4ETThwMdCl24c8rufdhzSxucWJBM:ia7WRxjjmEl0k0wThwMsM7rmIckq
Score

10^/10

vidar 2548f166286a0b36dbfd9f8a1ac09311 stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar2548f166286a0b36dbfd9f8a1ac09311stealer