vidar | 6ca0732c155a15f67928a38c9c9ba8b2f08fb5e90fa38332b94b0457607c208b | Triage

Sharing

General

Target

OriginalBuild.exe
Size

234KB
Sample

230411-vy3lysfe6w
MD5

4851971e37ce8cd2b61a795780b7d4b5
SHA1

eab1b044ddb4df43660b96cf8000e6b0bacf9f6e
SHA256

6ca0732c155a15f67928a38c9c9ba8b2f08fb5e90fa38332b94b0457607c208b
SHA512

82bbaa0f15206a2322a75d20571baf20c5e7e91c6cc5e1d4fdc1aebc36624c2da7cefa036e7bf6d1e0252a914e705631829cc12ade308f872ffe008b7c8731de
SSDEEP

3072:Yiwwb6hYh8zBR4FGTy8YkMwjmalLUZ7d+a+4alnzr1AXwBdR+6dO6drF4OogCY14:dY+hxl6pi4lnzr8wBWr692c1IOq

Score

10^/10

vidar 028224d8754aad544d9c102ba2ac630c spyware stealer

Malware Config

Extracted

Family

vidar

Version

3.3

Botnet

028224d8754aad544d9c102ba2ac630c

C2

https://steamcommunity.com/profiles/76561199492257783

https://t.me/justsometg

Attributes

profile_id_v2
028224d8754aad544d9c102ba2ac630c
user_agent
Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9

Targets

- Target
  
  OriginalBuild.exe
- Size
  
  234KB
- MD5
  
  4851971e37ce8cd2b61a795780b7d4b5
- SHA1
  
  eab1b044ddb4df43660b96cf8000e6b0bacf9f6e
- SHA256
  
  6ca0732c155a15f67928a38c9c9ba8b2f08fb5e90fa38332b94b0457607c208b
- SHA512
  
  82bbaa0f15206a2322a75d20571baf20c5e7e91c6cc5e1d4fdc1aebc36624c2da7cefa036e7bf6d1e0252a914e705631829cc12ade308f872ffe008b7c8731de
- SSDEEP
  
  3072:Yiwwb6hYh8zBR4FGTy8YkMwjmalLUZ7d+a+4alnzr1AXwBdR+6dO6drF4OogCY14:dY+hxl6pi4lnzr8wBWr692c1IOq
Score

10^/10

vidar 028224d8754aad544d9c102ba2ac630c spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Blocklisted process makes network request
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vidar028224d8754aad544d9c102ba2ac630cspywarestealer