vidar | fa12bfc2ff553bc30ca814db6f17e5121af51a24e3968c024ba33d22a73c7ffc | Triage

Sharing

General

Target

AutoTuneAntares2022.rar
Size

7.4MB
Sample

230401-11rkcsed8w
MD5

4e740894df74659f82053b8e41931bdb
SHA1

25ca3d8ce89e917131281684e757e7fdda6f8917
SHA256

fa12bfc2ff553bc30ca814db6f17e5121af51a24e3968c024ba33d22a73c7ffc
SHA512

3b6a5cf483150cae95d5689e6ed2aa3c678d94bd5cba4a4dac74caf8c640bbd79d66970f138936244fe736726534e188f07e8b8cb79c2243844b9ad5866ee66c
SSDEEP

98304:s5IVAI9ZVFFLAYNVFkNH3DGrfrcx5G4BzI0X/sjGwWFJtA72x/T1oSjUsBnIPFQk:su39zFhRP+hBAbWHtASxrCHshN2h

Score

10^/10

vidar 5486a916d26a1354ec22e5bc436bbf98 stealer

Malware Config

Extracted

Family

vidar

Version

3.1

Botnet

5486a916d26a1354ec22e5bc436bbf98

C2

https://steamcommunity.com/profiles/76561199472266392

https://t.me/tabootalks

http://135.181.26.183:80

Attributes

profile_id_v2
5486a916d26a1354ec22e5bc436bbf98
user_agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 OPR/91.0.4516.79

Targets

- Target
  
  Setup.exe
- Size
  
  761.7MB
- MD5
  
  1189d727b085bf91134ebbd8f1b697ba
- SHA1
  
  174a09dc1359651aa16d065a88728bba2e95012d
- SHA256
  
  e736f3a6950783a32b91b8986027dc71ba0167673b936b359163cef2e2ac75ec
- SHA512
  
  491ef477d54cb030416ded90eb0e4071153d2ebc65273fcee681bdecb392f15a83bfb96385fb42e8e43c0920e5beca3eb368f9f26b14a226a15c6e8c7cb02e6e
- SSDEEP
  
  12288:JhY5RQh0o7DIcRWUy+7a8K/7CtYD3GSumH:4PQhVXDRFK/7C+GSuc
Score

10^/10

vidar 5486a916d26a1354ec22e5bc436bbf98 stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

vidar5486a916d26a1354ec22e5bc436bbf98stealer

behavioral2