vidar | e0c350a16bb3fec4d9306d413e93241c733412f14cbdc9a4e95e9f973aa1bcff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

430KB
Sample

230510-jepefagf8y
MD5

5602e1f1c8a4f96c62ebf4dd90d95fe4
SHA1

56edd59e9e90c8ce085739c21fbab83122a93ce0
SHA256

e0c350a16bb3fec4d9306d413e93241c733412f14cbdc9a4e95e9f973aa1bcff
SHA512

f209b3c708bb6390b3e3d8884202476f38ea3aa2038b272b634f9682e5577be5b9093b82abb4640872fc50711d86af54ad3ab4e44da040beeafa2d6227401012
SSDEEP

6144:I0piwLZuWym3TNRkr7iEZF4FlUpYtgECuNx6DJr3ISj7zBvGG4:ITw1uWyk0r77TrpY9ytDIqhvG

Score

10^/10

vidar 8de8c3f58ff0000c9c835e6068652130 discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

3.8

Botnet

8de8c3f58ff0000c9c835e6068652130

C2

https://steamcommunity.com/profiles/76561198272578552

https://t.me/libpcre

Attributes

profile_id_v2
8de8c3f58ff0000c9c835e6068652130
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Targets

- Target
  
  file.exe
- Size
  
  430KB
- MD5
  
  5602e1f1c8a4f96c62ebf4dd90d95fe4
- SHA1
  
  56edd59e9e90c8ce085739c21fbab83122a93ce0
- SHA256
  
  e0c350a16bb3fec4d9306d413e93241c733412f14cbdc9a4e95e9f973aa1bcff
- SHA512
  
  f209b3c708bb6390b3e3d8884202476f38ea3aa2038b272b634f9682e5577be5b9093b82abb4640872fc50711d86af54ad3ab4e44da040beeafa2d6227401012
- SSDEEP
  
  6144:I0piwLZuWym3TNRkr7iEZF4FlUpYtgECuNx6DJr3ISj7zBvGG4:ITw1uWyk0r77TrpY9ytDIqhvG
Score

10^/10

vidar 8de8c3f58ff0000c9c835e6068652130 spyware stealer discovery
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar8de8c3f58ff0000c9c835e6068652130spywarestealer

behavioral2

vidar8de8c3f58ff0000c9c835e6068652130discoveryspywarestealer