vidar | 26b6298c01cfc96cc478362f92a1fdd2b7dbb30bbb1cda749bf5b50a85cbe503 | Triage

Sharing

General

Target

26b6298c01cfc96cc478362f92a1fdd2b7dbb30bbb1cda749bf5b50a85cbe503.bin
Size

429KB
Sample

230506-zvkn7aeb75
MD5

99c8bedaeb9c99009d5935bfb6f61418
SHA1

640bb2606d0eb4b30493f2ddd09e9181fe79459e
SHA256

26b6298c01cfc96cc478362f92a1fdd2b7dbb30bbb1cda749bf5b50a85cbe503
SHA512

c1b03a2fadb81e0eb73fb70b88171336511f0d00d78322de00936d1642fe58253f915400c370016d0450509f7ae097b83286113463d864b3a159c890ba2975b9
SSDEEP

6144:SZIISrnQ0bnXp2ar2C1QSNa4Bjk5Mb4Yq9tS5UIrhOiGJ8Xesg:SZLSrnQ0bXpHr2C1QZ2h4Yq9cHOJ8ud

Score

10^/10

vidar 78489afd9d9a4747beb445e5fb5b9c96 discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

3.6

Botnet

78489afd9d9a4747beb445e5fb5b9c96

C2

https://steamcommunity.com/profiles/76561199499188534

https://t.me/nutalse

Attributes

profile_id_v2
78489afd9d9a4747beb445e5fb5b9c96
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36

Targets

- Target
  
  26b6298c01cfc96cc478362f92a1fdd2b7dbb30bbb1cda749bf5b50a85cbe503.bin
- Size
  
  429KB
- MD5
  
  99c8bedaeb9c99009d5935bfb6f61418
- SHA1
  
  640bb2606d0eb4b30493f2ddd09e9181fe79459e
- SHA256
  
  26b6298c01cfc96cc478362f92a1fdd2b7dbb30bbb1cda749bf5b50a85cbe503
- SHA512
  
  c1b03a2fadb81e0eb73fb70b88171336511f0d00d78322de00936d1642fe58253f915400c370016d0450509f7ae097b83286113463d864b3a159c890ba2975b9
- SSDEEP
  
  6144:SZIISrnQ0bnXp2ar2C1QSNa4Bjk5Mb4Yq9tS5UIrhOiGJ8Xesg:SZLSrnQ0bXpHr2C1QZ2h4Yq9cHOJ8ud
Score

10^/10

vidar 78489afd9d9a4747beb445e5fb5b9c96 stealer discovery spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar78489afd9d9a4747beb445e5fb5b9c96stealer

behavioral2

vidar78489afd9d9a4747beb445e5fb5b9c96discoveryspywarestealer