vidar

Sharing

Copy URL

Twitter E-mail

General

Target

1.zip
Size

11.5MB
Sample

230401-jh2h6sgg42
MD5

743355b630567498e9e61f172de32b45
SHA1

8a36ee1231a3cb9d385b6c83fe08bb985926e4f6
SHA256

1b3f39e0d2c736b7dbbc037931820f690698b2d4caa903abd49a8104375f0def
SHA512

cbeb52ed27fe3736a8f49e4a0d477e8afc3be2dceaf84b112828ea907906f53ea80eaeb4a5209cd9f553cc78e61b1d0b606148c70e3ef2972dd46157d766bb97
SSDEEP

196608:SMcLBCMcLB5McLBIPMcLBEMcLB0McLBPMcLBRrX:zcLBDcLBqcLBdcLBJcLBZcLBkcLBFX

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

3.2

Botnet

7c3b9638dfdc3d98c6bdc75b937c88c7

https://steamcommunity.com/profiles/76561199489580435

https://t.me/tabootalks

Attributes

profile_id_v2
7c3b9638dfdc3d98c6bdc75b937c88c7
user_agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 OPR/91.0.4516.79

Targets

- Target
  
  1/HwidProtector.dll
- Size
  
  228KB
- MD5
  
  e4c67cc149ca5fa61382f8654409feee
- SHA1
  
  408931b18d31562fe9f3419d7663a1cafcc7f65f
- SHA256
  
  f2f264bd4faa5fccf3bd32a9a7b6b5ffc90754c759dca3127be0ff107bef33a6
- SHA512
  
  49de4dc0de0f25dd279a33124fc4fdc2b80cec6105c70290db48f77068775f1727c5f4d996bf41f5ded424de0318a5eef9e0ad08050a0fd3a8964c94afa89f8b
- SSDEEP
  
  1536:6kig1Ac42h743XNd55vQryAdbEPVBbM44DdROpiMnesVWDwVPhVbOucFCDrMq1np:jT1lh743rvQ4R46hJ/Uyxu9yLBRiy
Score

1^/10
behavioral1 behavioral2
- Target
  
  1/Qt5Core.dll
- Size
  
  310KB
- MD5
  
  0b9fcfbd6d44e4d83605cc35171668c8
- SHA1
  
  f4013116d6750829851370ed19a9eaf8251ad6e1
- SHA256
  
  ebdcedbc3e24b911aacd7bb666ab426397ca7d7883a8d4e3cf28946041c95425
- SHA512
  
  e920e284f47f888d10cac45ec8775e58481f5a8c2316d3fa01ff1e7b1bb63c64d2d0850b2da8fd040727b969d3b3f9b85afbd86b6cbfaecca580b853a1499f59
- SSDEEP
  
  3072:Jy6nSomUPQukwpSor62AIiGYIR2LGPHc0Ul+S4KQdw6tqYKVFlCh7NZqSEgbh:JciFkwpL2DI0yPHTw6tVKYr
Score

3^/10
behavioral3 behavioral4
- Target
  
  1/Qt5Gui.dll
- Size
  
  310KB
- MD5
  
  0b9fcfbd6d44e4d83605cc35171668c8
- SHA1
  
  f4013116d6750829851370ed19a9eaf8251ad6e1
- SHA256
  
  ebdcedbc3e24b911aacd7bb666ab426397ca7d7883a8d4e3cf28946041c95425
- SHA512
  
  e920e284f47f888d10cac45ec8775e58481f5a8c2316d3fa01ff1e7b1bb63c64d2d0850b2da8fd040727b969d3b3f9b85afbd86b6cbfaecca580b853a1499f59
- SSDEEP
  
  3072:Jy6nSomUPQukwpSor62AIiGYIR2LGPHc0Ul+S4KQdw6tqYKVFlCh7NZqSEgbh:JciFkwpL2DI0yPHTw6tVKYr
Score

3^/10
behavioral5 behavioral6
- Target
  
  1/Setup.exe
- Size
  
  801.3MB
- MD5
  
  4cd6b198144b2d85ecb105122814778b
- SHA1
  
  182ba17254720753d13b4d7e99aaf174cc14333a
- SHA256
  
  edc99e7a60436399c8cab31b3b609775209df410c452016900ce63e48997f20c
- SHA512
  
  8bb7ff2ff1ad4cd32e579699df74d2840c108ba2649560817811f7c1e5999473a98b4a1a2e5dd1d0a7ca724f3db1548f88f0f4bbeddd54fd50dff0b14a986e9f
- SSDEEP
  
  12288:W0lnTBTbY6Zb1Y0jAgp2X6IK0NKJ1noE+FKP4:WslTMmW0jvQ6IogEMKA
Score

10^/10

vidar 7c3b9638dfdc3d98c6bdc75b937c88c7 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral7 behavioral8
- Target
  
  1/bin/dxsupport_episodic.dll
- Size
  
  3.3MB
- MD5
  
  e6945cceefc0a122833576a5fc5f88f4
- SHA1
  
  2a2f4ed006ba691f28fda1e6b8c66a94b53efe9d
- SHA256
  
  fb8d0049f5dd5858c3b1da4836fb4b77d97b72d67ad951edb48f1a3e087ec2b1
- SHA512
  
  32d32675f9c5778c01044251abed80f46726a8b5015a3d7b22bbe503954551a59848dacfe730f00e1cd2c183e7ccccb2049cde3bc32c6538ff9eb2763392b8c9
- SSDEEP
  
  49152:0yZ9lnpmVm/w+EwVOmufvkQS8MH2J9CqS5Sqr88pPWW5KhQYPsXqUiQt:F9fWAwVBC8MH2JNSF8+YPsXqUTt
Score

3^/10
behavioral10 behavioral9
- Target
  
  1/borlndmm.dll
- Size
  
  47KB
- MD5
  
  e3fcf256b4683ab92703842985b5e725
- SHA1
  
  0cd88d6b7fea697aef161f861861ecf8bdd4586d
- SHA256
  
  ca1f509d6779bc005f332027d50e9bafa952bcf970953593a9566973b4122759
- SHA512
  
  50d96e1ef2d8e941ad15427359600d35ef7cc879da9b14dc0b6228ddc375f5743e2c3a1ee239fd4f51261c4f1bc95d8a044abfcb052626fb86edcc54e7e74985
- SSDEEP
  
  768:Bu2xqT9w4SsJwUIgOmoowURkYAwtVo3c8EL+:BuD643Jd5Omvs39
Score

3^/10
behavioral11 behavioral12
- Target
  
  1/data/dxsupport.cfg
- Size
  
  310KB
- MD5
  
  0b9fcfbd6d44e4d83605cc35171668c8
- SHA1
  
  f4013116d6750829851370ed19a9eaf8251ad6e1
- SHA256
  
  ebdcedbc3e24b911aacd7bb666ab426397ca7d7883a8d4e3cf28946041c95425
- SHA512
  
  e920e284f47f888d10cac45ec8775e58481f5a8c2316d3fa01ff1e7b1bb63c64d2d0850b2da8fd040727b969d3b3f9b85afbd86b6cbfaecca580b853a1499f59
- SSDEEP
  
  3072:Jy6nSomUPQukwpSor62AIiGYIR2LGPHc0Ul+S4KQdw6tqYKVFlCh7NZqSEgbh:JciFkwpL2DI0yPHTw6tVKYr
Score

3^/10
behavioral13 behavioral14
- Target
  
  1/data/dxsupport_episodic.dll
- Size
  
  3.3MB
- MD5
  
  e6945cceefc0a122833576a5fc5f88f4
- SHA1
  
  2a2f4ed006ba691f28fda1e6b8c66a94b53efe9d
- SHA256
  
  fb8d0049f5dd5858c3b1da4836fb4b77d97b72d67ad951edb48f1a3e087ec2b1
- SHA512
  
  32d32675f9c5778c01044251abed80f46726a8b5015a3d7b22bbe503954551a59848dacfe730f00e1cd2c183e7ccccb2049cde3bc32c6538ff9eb2763392b8c9
- SSDEEP
  
  49152:0yZ9lnpmVm/w+EwVOmufvkQS8MH2J9CqS5Sqr88pPWW5KhQYPsXqUiQt:F9fWAwVBC8MH2JNSF8+YPsXqUTt
Score

3^/10
behavioral15 behavioral16
- Target
  
  1/data/dxsupport_mac.cfg
- Size
  
  3.3MB
- MD5
  
  e6945cceefc0a122833576a5fc5f88f4
- SHA1
  
  2a2f4ed006ba691f28fda1e6b8c66a94b53efe9d
- SHA256
  
  fb8d0049f5dd5858c3b1da4836fb4b77d97b72d67ad951edb48f1a3e087ec2b1
- SHA512
  
  32d32675f9c5778c01044251abed80f46726a8b5015a3d7b22bbe503954551a59848dacfe730f00e1cd2c183e7ccccb2049cde3bc32c6538ff9eb2763392b8c9
- SSDEEP
  
  49152:0yZ9lnpmVm/w+EwVOmufvkQS8MH2J9CqS5Sqr88pPWW5KhQYPsXqUiQt:F9fWAwVBC8MH2JNSF8+YPsXqUTt
Score

3^/10
behavioral17 behavioral18
- Target
  
  1/libEGL.dll
- Size
  
  18KB
- MD5
  
  379358b4cd4b60137c0807f327531987
- SHA1
  
  b0a5f6e3dcd0dbc94726f16ed55d2461d1737b59
- SHA256
  
  0ff1d03926f5d9c01d02fae5c5e1f018a87d7f90a1826de47277530bfc7776f8
- SHA512
  
  097c08135d654596a19ada814ad360a8c2374d989cbd7094c6acb092e9854abf1f1d878d3da72b66c4c75806586bee7fe04d555a1d82db170725bdbeadea7d50
- SSDEEP
  
  384:rLyPunoshzdtnbuH0aXOk0GfZh5g+zCxU:rLy7s5dJuHHOqhyy
Score

1^/10
behavioral19 behavioral20
- Target
  
  1/libeay32.dll
- Size
  
  3.3MB
- MD5
  
  e6945cceefc0a122833576a5fc5f88f4
- SHA1
  
  2a2f4ed006ba691f28fda1e6b8c66a94b53efe9d
- SHA256
  
  fb8d0049f5dd5858c3b1da4836fb4b77d97b72d67ad951edb48f1a3e087ec2b1
- SHA512
  
  32d32675f9c5778c01044251abed80f46726a8b5015a3d7b22bbe503954551a59848dacfe730f00e1cd2c183e7ccccb2049cde3bc32c6538ff9eb2763392b8c9
- SSDEEP
  
  49152:0yZ9lnpmVm/w+EwVOmufvkQS8MH2J9CqS5Sqr88pPWW5KhQYPsXqUiQt:F9fWAwVBC8MH2JNSF8+YPsXqUTt
Score

3^/10
behavioral21 behavioral22
- Target
  
  1/msvcr120.dll
- Size
  
  3.3MB
- MD5
  
  e6945cceefc0a122833576a5fc5f88f4
- SHA1
  
  2a2f4ed006ba691f28fda1e6b8c66a94b53efe9d
- SHA256
  
  fb8d0049f5dd5858c3b1da4836fb4b77d97b72d67ad951edb48f1a3e087ec2b1
- SHA512
  
  32d32675f9c5778c01044251abed80f46726a8b5015a3d7b22bbe503954551a59848dacfe730f00e1cd2c183e7ccccb2049cde3bc32c6538ff9eb2763392b8c9
- SSDEEP
  
  49152:0yZ9lnpmVm/w+EwVOmufvkQS8MH2J9CqS5Sqr88pPWW5KhQYPsXqUiQt:F9fWAwVBC8MH2JNSF8+YPsXqUTt
Score

3^/10
behavioral23 behavioral24
- Target
  
  1/profiles/dxsupport.cfg
- Size
  
  310KB
- MD5
  
  0b9fcfbd6d44e4d83605cc35171668c8
- SHA1
  
  f4013116d6750829851370ed19a9eaf8251ad6e1
- SHA256
  
  ebdcedbc3e24b911aacd7bb666ab426397ca7d7883a8d4e3cf28946041c95425
- SHA512
  
  e920e284f47f888d10cac45ec8775e58481f5a8c2316d3fa01ff1e7b1bb63c64d2d0850b2da8fd040727b969d3b3f9b85afbd86b6cbfaecca580b853a1499f59
- SSDEEP
  
  3072:Jy6nSomUPQukwpSor62AIiGYIR2LGPHc0Ul+S4KQdw6tqYKVFlCh7NZqSEgbh:JciFkwpL2DI0yPHTw6tVKYr
Score

3^/10
behavioral25 behavioral26
- Target
  
  1/profiles/dxsupport_episodic.dll
- Size
  
  3.3MB
- MD5
  
  e6945cceefc0a122833576a5fc5f88f4
- SHA1
  
  2a2f4ed006ba691f28fda1e6b8c66a94b53efe9d
- SHA256
  
  fb8d0049f5dd5858c3b1da4836fb4b77d97b72d67ad951edb48f1a3e087ec2b1
- SHA512
  
  32d32675f9c5778c01044251abed80f46726a8b5015a3d7b22bbe503954551a59848dacfe730f00e1cd2c183e7ccccb2049cde3bc32c6538ff9eb2763392b8c9
- SSDEEP
  
  49152:0yZ9lnpmVm/w+EwVOmufvkQS8MH2J9CqS5Sqr88pPWW5KhQYPsXqUiQt:F9fWAwVBC8MH2JNSF8+YPsXqUTt
Score

3^/10
behavioral27 behavioral28
- Target
  
  1/profiles/dxsupport_mac.cfg
- Size
  
  3.3MB
- MD5
  
  e6945cceefc0a122833576a5fc5f88f4
- SHA1
  
  2a2f4ed006ba691f28fda1e6b8c66a94b53efe9d
- SHA256
  
  fb8d0049f5dd5858c3b1da4836fb4b77d97b72d67ad951edb48f1a3e087ec2b1
- SHA512
  
  32d32675f9c5778c01044251abed80f46726a8b5015a3d7b22bbe503954551a59848dacfe730f00e1cd2c183e7ccccb2049cde3bc32c6538ff9eb2763392b8c9
- SSDEEP
  
  49152:0yZ9lnpmVm/w+EwVOmufvkQS8MH2J9CqS5Sqr88pPWW5KhQYPsXqUiQt:F9fWAwVBC8MH2JNSF8+YPsXqUTt
Score

3^/10
behavioral29 behavioral30
- Target
  
  1/profiles/preview_work.dll
- Size
  
  310KB
- MD5
  
  0b9fcfbd6d44e4d83605cc35171668c8
- SHA1
  
  f4013116d6750829851370ed19a9eaf8251ad6e1
- SHA256
  
  ebdcedbc3e24b911aacd7bb666ab426397ca7d7883a8d4e3cf28946041c95425
- SHA512
  
  e920e284f47f888d10cac45ec8775e58481f5a8c2316d3fa01ff1e7b1bb63c64d2d0850b2da8fd040727b969d3b3f9b85afbd86b6cbfaecca580b853a1499f59
- SSDEEP
  
  3072:Jy6nSomUPQukwpSor62AIiGYIR2LGPHc0Ul+S4KQdw6tqYKVFlCh7NZqSEgbh:JciFkwpL2DI0yPHTw6tVKYr
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Accesses 2FA software files, possible credential harvesting

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32