vidar | c2797dd833c4aafa1ea8be296491d30088e246367ed18cfeb9fbc5b2a6ee323e | Triage

Sharing

General

Target

Fortnite_Hack_v3.2.rar
Size

6.7MB
Sample

230420-f87w4ahh2z
MD5

10a84dd13e051cc5c8a725346a059116
SHA1

968a8eb11cda8e8c32ad8cb981147d4ea7b19e3e
SHA256

c2797dd833c4aafa1ea8be296491d30088e246367ed18cfeb9fbc5b2a6ee323e
SHA512

5c66701cdd1b9d897207ba185e6b761bf09ceeeb9975265e1d379695c6ebcac8ad18133a62d82093494270fda6e3d02444fd8c00ecd5db6640760bdb806b5e3c
SSDEEP

196608:5I9NUu7xtnnF1h18TI0ZuYANl4gEOnrM9BR:5GNn9tnF1HmHLiFa

Score

10^/10

vidar 395ff08de6af5e2dbf2e94b1ee2175c2 spyware stealer

Malware Config

Extracted

Family

vidar

Version

3.5

Botnet

395ff08de6af5e2dbf2e94b1ee2175c2

C2

https://steamcommunity.com/profiles/76561199497218285

https://t.me/tg_duckworld

Attributes

profile_id_v2
395ff08de6af5e2dbf2e94b1ee2175c2
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Targets

- Target
  
  Fortnite_Hack_v3.2.rar
- Size
  
  6.7MB
- MD5
  
  10a84dd13e051cc5c8a725346a059116
- SHA1
  
  968a8eb11cda8e8c32ad8cb981147d4ea7b19e3e
- SHA256
  
  c2797dd833c4aafa1ea8be296491d30088e246367ed18cfeb9fbc5b2a6ee323e
- SHA512
  
  5c66701cdd1b9d897207ba185e6b761bf09ceeeb9975265e1d379695c6ebcac8ad18133a62d82093494270fda6e3d02444fd8c00ecd5db6640760bdb806b5e3c
- SSDEEP
  
  196608:5I9NUu7xtnnF1h18TI0ZuYANl4gEOnrM9BR:5GNn9tnF1HmHLiFa
Score

3^/10
behavioral1 behavioral2
- Target
  
  Setup.exe
- Size
  
  1011.0MB
- MD5
  
  d35a4d0264151fe12392c2de7b862df5
- SHA1
  
  2db6d67aa751316ce81b539c29283e6fdf7ea127
- SHA256
  
  bff00b68ddba7142583a95fe90cb337ba59fef25fc0696847a19b60a4a782e6a
- SHA512
  
  eb5b22d44e90d70da0e6142b5a4725f1475a0db5c132aa783b11abc54fde6c7b51d31644be34de0fd27eb69598c592fbf9a289cb36e698c460bd7187f38069a9
- SSDEEP
  
  24576:cMOCW00r5wCxnzmkMDghx9qinBSl6QOM6LvFuPROlW5wwwwwwwwwwwwwwwwwwwwQ:bBW00GCZ6e5rdu8lWK
Score

10^/10

vidar 395ff08de6af5e2dbf2e94b1ee2175c2 stealer spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

vidar395ff08de6af5e2dbf2e94b1ee2175c2stealer

behavioral4

vidar395ff08de6af5e2dbf2e94b1ee2175c2spywarestealer