vidar | db63b7f55f8dd6aa45b74230818bc5f58bc5b369c2170283ce298326c368fdac | Triage

Sharing

General

Target

CCleaner PRO.rar
Size

6.5MB
Sample

230503-k4bejsfh8z
MD5

0dba86c58001875a7c19910012c19af9
SHA1

3479c2964c369dd2df3a74e63db132358062aec2
SHA256

db63b7f55f8dd6aa45b74230818bc5f58bc5b369c2170283ce298326c368fdac
SHA512

f4d464ccfa0b237f656aea8b56475fbe7c5675ff244725ff3e73f6af6161d88f56e5af7544c970481d2e98ebfeffd83339cbefbc50f356e3ea19a2e1ba9c35dc
SSDEEP

98304:3LYfx5H/whHsbMPUg/1xcazeywh/Hi7B4DC8kxgVLQGkkYd1aDJfCJ7uKN+it2/S:7Yf3f/MsOTz8h/HIrMLQGnI1lsitga/

Score

10^/10

vidar 77d3e17ac7e9634fc0dfc5623380697a stealer

Malware Config

Extracted

Family

vidar

Version

3.4

Botnet

77d3e17ac7e9634fc0dfc5623380697a

C2

https://steamcommunity.com/profiles/76561199494593681

https://t.me/auftriebs

Attributes

profile_id_v2
77d3e17ac7e9634fc0dfc5623380697a
user_agent
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0

Targets

- Target
  
  Setup.exe
- Size
  
  1019.0MB
- MD5
  
  01ec608e6d4ea82510ffad6f5a4e8f23
- SHA1
  
  21a941787b7ed3a19dbe32658408229cc754c7bc
- SHA256
  
  60b065ca115ebfba2e8653e176231ca9db9bc8643969c5f882c0196912c66c6f
- SHA512
  
  e514507339e99836eb52f15b2bedea3f1635b37b68ea30e89faee280605dca5cd3d191b2f82003bbc25f20bfab1177e2bb01bf6445de980edb8c0ba7a8a29d98
- SSDEEP
  
  12288:HkHH5YA/Wb6Wki+v68LOHRFEez0tX7bYMfBTy9eo1dm0:Hk9/Wb6i+S3HRC20tL9S
Score

10^/10

vidar 77d3e17ac7e9634fc0dfc5623380697a stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar77d3e17ac7e9634fc0dfc5623380697astealer

behavioral2

vidar77d3e17ac7e9634fc0dfc5623380697astealer