vidar | 7866f7deb431fa81365bfef20e7eb0a7ea21fa287922cef4c99c1de08c94c403 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7866f7deb431fa81365bfef20e7eb0a7ea21fa287922cef4c99c1de08c94c403
Size

473KB
Sample

230420-l3149aba9z
MD5

d3cb5d35e2062d4eab965e73df194fce
SHA1

bbef07109d25b40928d5116f52f5927e1345eaa5
SHA256

7866f7deb431fa81365bfef20e7eb0a7ea21fa287922cef4c99c1de08c94c403
SHA512

8351bb96b7dcae138d236e626f67e23a7dc66fdaf6db96a630751285d95223aa3e1cad47d540e66dd6f176a802804e0e8d877094b46595fc2849d564047fd4a4
SSDEEP

12288:J197sKFkiSMZdMTBTdUmEr99IngiDHNuhdDib:J379jSMZEimEYgQNuhRQ

Score

10^/10

vidar e749025c61b2caca10aa829a9e1a65a1 discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

3.4

Botnet

e749025c61b2caca10aa829a9e1a65a1

C2

https://steamcommunity.com/profiles/76561199494593681

https://t.me/auftriebs

Attributes

profile_id_v2
e749025c61b2caca10aa829a9e1a65a1
user_agent
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0

Targets

- Target
  
  7866f7deb431fa81365bfef20e7eb0a7ea21fa287922cef4c99c1de08c94c403
- Size
  
  473KB
- MD5
  
  d3cb5d35e2062d4eab965e73df194fce
- SHA1
  
  bbef07109d25b40928d5116f52f5927e1345eaa5
- SHA256
  
  7866f7deb431fa81365bfef20e7eb0a7ea21fa287922cef4c99c1de08c94c403
- SHA512
  
  8351bb96b7dcae138d236e626f67e23a7dc66fdaf6db96a630751285d95223aa3e1cad47d540e66dd6f176a802804e0e8d877094b46595fc2849d564047fd4a4
- SSDEEP
  
  12288:J197sKFkiSMZdMTBTdUmEr99IngiDHNuhdDib:J379jSMZEimEYgQNuhRQ
Score

10^/10

vidar e749025c61b2caca10aa829a9e1a65a1 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidare749025c61b2caca10aa829a9e1a65a1discoveryspywarestealer