vidar | 213477a3397ca7dec2c5d5c873c0bb50908c0df1c704a7e8c3c6cd3f0c9c028f | Triage

Sharing

General

Target

a966945076f3ac5eb3282a0d1dc2101b.bin
Size

350KB
Sample

230323-b2ejracg34
MD5

808ceecf731271823c73c77fd39dcbda
SHA1

8b2112675546dc0291e38c7a09b766f4eecb7b3c
SHA256

213477a3397ca7dec2c5d5c873c0bb50908c0df1c704a7e8c3c6cd3f0c9c028f
SHA512

3fabcbafa7525053b9c43660fb547e2289c05fe2723e6fe37574b4d3b6ea994f39d4ec93bab011f39d3a3e8a9c22674dd38c324f0768c265f584fd79ee3622ca
SSDEEP

6144:698Mz1nZ4j+OYKbOfT9VJiUYBTe7fbzIYAwN6LL1UItG79fy8v8EAXR4WAN8oR:631QzYKbyT9VkpBS7DzVA4G1UhVyI8/6

Score

10^/10

vidar 408 spyware stealer

Malware Config

Extracted

Family

vidar

Version

2.6

Botnet

408

C2

https://t.me/robertotalks

https://steamcommunity.com/profiles/76561199480821604

http://95.217.157.160:80

Attributes

profile_id
408

Targets

- Target
  
  e33b554abd174a255530352bf7e640f04935eae8bee36034914c131e99c6c339.exe
- Size
  
  457KB
- MD5
  
  a966945076f3ac5eb3282a0d1dc2101b
- SHA1
  
  71c4936cd89ec51e5d8988e6736d9584d6a18b4b
- SHA256
  
  e33b554abd174a255530352bf7e640f04935eae8bee36034914c131e99c6c339
- SHA512
  
  939fdf1ec644a2e09739868acbc737a10c19df152ea1b456a370160c31580805336fb7b1c787d6632112d46ec643f8fa940e1c7bb24b3fe06eb39cf2e2cc4d01
- SSDEEP
  
  12288:NdBCCL9DFn7TvTswnmsyzNkv4Yp2yYiL39g:NdBCCL9DF7Trswcw4k24g
Score

10^/10

vidar 408 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar408spywarestealer

behavioral2

vidar408spywarestealer