vidar | e33b554abd174a255530352bf7e640f04935eae8bee36034914c131e99c6c339 | Triage

Sharing

General

Target

setup.exe
Size

457KB
Sample

230321-y8zvlaeh9v
MD5

a966945076f3ac5eb3282a0d1dc2101b
SHA1

71c4936cd89ec51e5d8988e6736d9584d6a18b4b
SHA256

e33b554abd174a255530352bf7e640f04935eae8bee36034914c131e99c6c339
SHA512

939fdf1ec644a2e09739868acbc737a10c19df152ea1b456a370160c31580805336fb7b1c787d6632112d46ec643f8fa940e1c7bb24b3fe06eb39cf2e2cc4d01
SSDEEP

12288:NdBCCL9DFn7TvTswnmsyzNkv4Yp2yYiL39g:NdBCCL9DF7Trswcw4k24g

Score

10^/10

vidar 408 spyware stealer

Malware Config

Extracted

Family

vidar

Version

2.6

Botnet

408

C2

https://t.me/robertotalks

https://steamcommunity.com/profiles/76561199480821604

http://95.217.157.160:80

Attributes

profile_id
408

Targets

- Target
  
  setup.exe
- Size
  
  457KB
- MD5
  
  a966945076f3ac5eb3282a0d1dc2101b
- SHA1
  
  71c4936cd89ec51e5d8988e6736d9584d6a18b4b
- SHA256
  
  e33b554abd174a255530352bf7e640f04935eae8bee36034914c131e99c6c339
- SHA512
  
  939fdf1ec644a2e09739868acbc737a10c19df152ea1b456a370160c31580805336fb7b1c787d6632112d46ec643f8fa940e1c7bb24b3fe06eb39cf2e2cc4d01
- SSDEEP
  
  12288:NdBCCL9DFn7TvTswnmsyzNkv4Yp2yYiL39g:NdBCCL9DF7Trswcw4k24g
Score

10^/10

vidar 408 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408spywarestealer

behavioral2

vidar408spywarestealer