vidar | ad7e6c626cc86651b7d4dcc12d75852df91f669fb097eced45967fc8c7ae12a8 | Triage

Sharing

General

Target

file.exe
Size

2.4MB
Sample

230515-a1rx1sgd41
MD5

ea3117221a3f32361ac11237b2ca1010
SHA1

ba7faca67a6e73446645cbcc55035671a1ded54e
SHA256

ad7e6c626cc86651b7d4dcc12d75852df91f669fb097eced45967fc8c7ae12a8
SHA512

444d98c77eefb1036c1ef62bab4175f7f7747c1eaef73c9777090b01fbb23afd5877eb4ab40d781d94a0dd4e3650ce652be57695fe46cb1f0a82f61dc36e58a3
SSDEEP

24576:69ZVG1gbHqxv/FGD9rHzoKh01Irki5ianp/JMOPdMQJjBTZTvMMsRi5I7dwpAc:Cso97zwqYqJv/t7vsuGwpAc

Score

10^/10

vidar bc730fff484789f7a109d0ff3ef71135 spyware stealer

Malware Config

Extracted

Family

vidar

Version

3.8

Botnet

bc730fff484789f7a109d0ff3ef71135

C2

https://steamcommunity.com/profiles/76561198272578552

https://t.me/libpcre

Attributes

profile_id_v2
bc730fff484789f7a109d0ff3ef71135
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Targets

- Target
  
  file.exe
- Size
  
  2.4MB
- MD5
  
  ea3117221a3f32361ac11237b2ca1010
- SHA1
  
  ba7faca67a6e73446645cbcc55035671a1ded54e
- SHA256
  
  ad7e6c626cc86651b7d4dcc12d75852df91f669fb097eced45967fc8c7ae12a8
- SHA512
  
  444d98c77eefb1036c1ef62bab4175f7f7747c1eaef73c9777090b01fbb23afd5877eb4ab40d781d94a0dd4e3650ce652be57695fe46cb1f0a82f61dc36e58a3
- SSDEEP
  
  24576:69ZVG1gbHqxv/FGD9rHzoKh01Irki5ianp/JMOPdMQJjBTZTvMMsRi5I7dwpAc:Cso97zwqYqJv/t7vsuGwpAc
Score

10^/10

vidar bc730fff484789f7a109d0ff3ef71135 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarbc730fff484789f7a109d0ff3ef71135spywarestealer

behavioral2

vidarbc730fff484789f7a109d0ff3ef71135spywarestealer