vidar

General

Target

3278651feaa6ef551f129a85d9e530f693a5dbf91b900024ee7533eff03efd38
Size

5.7MB
Sample

230506-z3xcyshc2w
MD5

1c87be3086b35f72e87666036310df86
SHA1

72731934e1ece515cd8eea21eebcc99045ec81be
SHA256

3278651feaa6ef551f129a85d9e530f693a5dbf91b900024ee7533eff03efd38
SHA512

f3a90f1a215ae75b4ddad799ded8c0faad496e52afdfcda73d0412f804477cf25d82b7e6c5fc285bc766f802b96f8181c0bcf2e3e89b67aaf57d4d43071b5c40
SSDEEP

49152:qbjVOzG9vosBswUBzcIDd85mSCDrCp6/J2BAHh4w96Y/lprU3mP4VnsQeuRGIAhk:ajJ9vosBQ/d85m9D+6/kBtt+88hHE

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

3.6

Botnet

5b7f5f0a45607432e5eb399319678652

C2

https://steamcommunity.com/profiles/76561199499188534

https://t.me/nutalse

Attributes

profile_id_v2
5b7f5f0a45607432e5eb399319678652
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36

Targets

- Target
  
  3278651feaa6ef551f129a85d9e530f693a5dbf91b900024ee7533eff03efd38
- Size
  
  5.7MB
- MD5
  
  1c87be3086b35f72e87666036310df86
- SHA1
  
  72731934e1ece515cd8eea21eebcc99045ec81be
- SHA256
  
  3278651feaa6ef551f129a85d9e530f693a5dbf91b900024ee7533eff03efd38
- SHA512
  
  f3a90f1a215ae75b4ddad799ded8c0faad496e52afdfcda73d0412f804477cf25d82b7e6c5fc285bc766f802b96f8181c0bcf2e3e89b67aaf57d4d43071b5c40
- SSDEEP
  
  49152:qbjVOzG9vosBswUBzcIDd85mSCDrCp6/J2BAHh4w96Y/lprU3mP4VnsQeuRGIAhk:ajJ9vosBQ/d85m9D+6/kBtt+88hHE
Score

10^/10

vidar 5b7f5f0a45607432e5eb399319678652 evasion stealer themida trojan
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2