vidar | 47236e5c40be68b57143b5e1359dd109acf6ec6434ade9012ea1b1cbdb533d7e | Triage

Resubmissions

15-05-2023 03:41

230515-d837ssef53 10

Sharing

General

Target

Sеt-uр32X64bit.rar
Size

15.1MB
Sample

230515-d837ssef53
MD5

fac525fc0740126faef1f08301a8deab
SHA1

0df43dccd607d9ff8012a55e552de19534e5f1be
SHA256

47236e5c40be68b57143b5e1359dd109acf6ec6434ade9012ea1b1cbdb533d7e
SHA512

3543ccb554c10c3869156eedae13e1891b74667dc4888e4e9200ef4f004183f57b3af730121b06409f6ba8cf241a37ec7ab72854f10ad0c03545209426cb9f5f
SSDEEP

393216:JxjEtgjG8RwU2Ee9omAn4xN6dClIuThKu3b:JnjGOxcomOEN6UOudKw

Score

10^/10

vidar ab19e4e739c4a9003c3f387b732415fd spyware stealer

Malware Config

Extracted

Family

vidar

Version

3.8

Botnet

ab19e4e739c4a9003c3f387b732415fd

C2

https://steamcommunity.com/profiles/76561198272578552

https://t.me/libpcre

Attributes

profile_id_v2
ab19e4e739c4a9003c3f387b732415fd
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Targets

- Target
  
  Sеt-uр32X64bit.exe
- Size
  
  1023.0MB
- MD5
  
  8a93cfb939fa2511b9dae1511124bd2e
- SHA1
  
  cdf4351b58fdbf107abb4b0675ece7247f74b614
- SHA256
  
  37af3d18beed9d7634ed8f4bc533068999804a1b4def2181bfbb83bb0eb797d1
- SHA512
  
  d9b7ba02e2ea0e87f71ac561784fa3849f156ed8c5353ba75ca0643b9a0c7547c08d95eb1484afed187aa27a6573b77ad5d6433a9d8641697ce37ff0c9dd444f
- SSDEEP
  
  98304:2T8yyyypnC7VRn8p/qlqb8mUFU1JywLh0dAMLCXq1lUCe49QiRe:TyyyypncVF8cYYmtbb0dAMW6jrih
Score

10^/10

vidar ab19e4e739c4a9003c3f387b732415fd spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarab19e4e739c4a9003c3f387b732415fdspywarestealer