vidar | 0dec4f7f0bbd17efab1cb9af9c0fbb78440b7e1fc02a64c169b42752305fc043 | Triage

Sharing

General

Target

774bd5fa9e8e0a7f86c1c90a8fa36220.bin
Size

6.2MB
Sample

230326-by4z8sha81
MD5

66084b41c21bce4eea4fba76d795e7a5
SHA1

518dfbf518adea897be99564991781a91554484c
SHA256

0dec4f7f0bbd17efab1cb9af9c0fbb78440b7e1fc02a64c169b42752305fc043
SHA512

a429421f2663f40d21b6ffca8a2bd9877131611fb08e89ede84136df10f9727b35305c5ad19a6c45e1839bc4a733e64e4d3f9f171e4c7080de30afe0e4ea4038
SSDEEP

196608:AMFKPikDThUNrzpFU/HE3oHgwrOhdMttsX+Aw3s+m:AMFGUNpFU/HUIg6ydM8Xw3rm

Score

10^/10

vidar c0df01d7f62e830be9c90dd9576d1deb discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

3.1

Botnet

c0df01d7f62e830be9c90dd9576d1deb

C2

https://steamcommunity.com/profiles/76561199472266392

https://t.me/tabootalks

http://135.181.26.183:80

Attributes

profile_id_v2
c0df01d7f62e830be9c90dd9576d1deb
user_agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 OPR/91.0.4516.79

Targets

- Target
  
  b6fbba05f1a32b2fe499818cf4f2e09b6d6110e715e19efd16274a644f338a0c.exe
- Size
  
  6.5MB
- MD5
  
  774bd5fa9e8e0a7f86c1c90a8fa36220
- SHA1
  
  2a67e8f106e42800cfc2b8f7f54f30ca3e6f61d5
- SHA256
  
  b6fbba05f1a32b2fe499818cf4f2e09b6d6110e715e19efd16274a644f338a0c
- SHA512
  
  064baf902d6c6af82ccb7962ec1bb0331703612fbaf3bfa4ccc8fbc11e8cc845a7f236719dc15e747d5d5808b3cabdc0f1f7585518f850d289ad9dbeb89857dc
- SSDEEP
  
  98304:lZ+ThhzaCrJxJvCz9GR91J9W6B4Ucv6uimo3sQ4aUA1TbENOAIdNyghmPUf36L9i:z+TN9SBGRCLj44XA1kNQ8Amzn
Score

10^/10

vidar c0df01d7f62e830be9c90dd9576d1deb stealer discovery spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarc0df01d7f62e830be9c90dd9576d1debstealer

behavioral2

vidarc0df01d7f62e830be9c90dd9576d1debdiscoveryspywarestealer