vidar | 2dc7a6c312667a7c21f57665a42d015bf7185644075e4169835121070758236c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2dc7a6c312667a7c21f57665a42d015bf7185644075e4169835121070758236c
Size

346KB
Sample

230421-13kjtscb51
MD5

6c06520ca8acc26024de9db24750e7f6
SHA1

70c50667ff4ca3d3e6976b0206e294b18a3ca09f
SHA256

2dc7a6c312667a7c21f57665a42d015bf7185644075e4169835121070758236c
SHA512

00d9c2a51045e6e049ead3a7f8585a29e52c8fdf2b03fa3ad4663193dd0f5d0b642e6cc2c26dac8978827b682f7b055e4a85055102e6bff1ff8937a3ff377934
SSDEEP

6144:Trg6jWb+6i6c8i0hWfEOYL0F1a8QpF04EnuI94Yr:TrjxIxUMk1a8Q3E9hr

Score

10^/10

vidar 2234cb18bdcd93ea6f4e5f1473025a81 discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

3.5

Botnet

2234cb18bdcd93ea6f4e5f1473025a81

C2

https://steamcommunity.com/profiles/76561199497218285

https://t.me/tg_duckworld

Attributes

profile_id_v2
2234cb18bdcd93ea6f4e5f1473025a81
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Targets

- Target
  
  2dc7a6c312667a7c21f57665a42d015bf7185644075e4169835121070758236c
- Size
  
  346KB
- MD5
  
  6c06520ca8acc26024de9db24750e7f6
- SHA1
  
  70c50667ff4ca3d3e6976b0206e294b18a3ca09f
- SHA256
  
  2dc7a6c312667a7c21f57665a42d015bf7185644075e4169835121070758236c
- SHA512
  
  00d9c2a51045e6e049ead3a7f8585a29e52c8fdf2b03fa3ad4663193dd0f5d0b642e6cc2c26dac8978827b682f7b055e4a85055102e6bff1ff8937a3ff377934
- SSDEEP
  
  6144:Trg6jWb+6i6c8i0hWfEOYL0F1a8QpF04EnuI94Yr:TrjxIxUMk1a8Q3E9hr
Score

10^/10

vidar 2234cb18bdcd93ea6f4e5f1473025a81 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar2234cb18bdcd93ea6f4e5f1473025a81discoveryspywarestealer