vidar | 9a61e776585dc88a15e548278caead09cdb871d4f4fac962cf14f0d43eca9c25 | Triage

Sharing

General

Target

tmp
Size

409KB
Sample

230329-ysl9kahf95
MD5

24604438f2cb5fcbda87b9fe3f817bcb
SHA1

fe61f3c2824ea356df33eba858d5abed8f46ef82
SHA256

9a61e776585dc88a15e548278caead09cdb871d4f4fac962cf14f0d43eca9c25
SHA512

179fbb54aa9f3f87ff56c2521354a846d67115e691f2c9821dca92ed01b0492334ced528b33d3062d9a5575fa3ae0e1a12f2cf89150d380234af3921edcb7f9d
SSDEEP

6144:YtojTSy7+iRLF+NkKloo39+Te9Oy4BXZ/lZX02oNawWk/mrFy27UoZkCDqUFh:bSAM/99+Te9nWzZXcp/GF7UyDqUFh

Score

10^/10

vidar 2548f166286a0b36dbfd9f8a1ac09311 stealer

Malware Config

Extracted

Family

vidar

Version

3

Botnet

2548f166286a0b36dbfd9f8a1ac09311

C2

https://t.me/zaskullz

https://steamcommunity.com/profiles/76561199486572327

http://135.181.87.234:80

Attributes

profile_id_v2
2548f166286a0b36dbfd9f8a1ac09311

Targets

- Target
  
  tmp
- Size
  
  409KB
- MD5
  
  24604438f2cb5fcbda87b9fe3f817bcb
- SHA1
  
  fe61f3c2824ea356df33eba858d5abed8f46ef82
- SHA256
  
  9a61e776585dc88a15e548278caead09cdb871d4f4fac962cf14f0d43eca9c25
- SHA512
  
  179fbb54aa9f3f87ff56c2521354a846d67115e691f2c9821dca92ed01b0492334ced528b33d3062d9a5575fa3ae0e1a12f2cf89150d380234af3921edcb7f9d
- SSDEEP
  
  6144:YtojTSy7+iRLF+NkKloo39+Te9Oy4BXZ/lZX02oNawWk/mrFy27UoZkCDqUFh:bSAM/99+Te9nWzZXcp/GF7UyDqUFh
Score

10^/10

vidar 2548f166286a0b36dbfd9f8a1ac09311 stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar2548f166286a0b36dbfd9f8a1ac09311stealer

behavioral2

vidar2548f166286a0b36dbfd9f8a1ac09311stealer