vidar | 3d9cf227ef3c29b9ca22c66359fdd61d9b3d3f2bb197ec3df42d49ff22b989a4 | Triage

Submit
Reports

Overview

overview

Static

static

3

3d9cf227ef...a4.exe

windows10-1703-x64

Resubmissions

17/05/2023, 13:33

230517-qtx4fsfc26 10

17/05/2023, 12:56

230517-p6hc4aeb3z 10

16/05/2023, 10:09

230516-l68cqsag9z 10

Sharing

General

Target

3d9cf227ef3c29b9ca22c66359fdd61d9b3d3f2bb197ec3df42d49ff22b989a4
Size

379KB
Sample

230517-p6hc4aeb3z
MD5

37b6aab56a0f770ce58a670322361a1c
SHA1

87606604cdaa89b93d4d1b5e3e12f5ec24f60016
SHA256

3d9cf227ef3c29b9ca22c66359fdd61d9b3d3f2bb197ec3df42d49ff22b989a4
SHA512

7b99a56e2160b3f910f75b5d21975587310ad61738613cefbce0d0b25c9d3af07ebeae9c6668907e00e2866259fcca079b4137e06c0d7cede5c5e5178d030a1e
SSDEEP

6144:Z75e2xvLAzYv1zvvnLFcQYhKzAMq4Y3eaXyf3h5tJwJlYEqRCXq9lBSw:x0zG5vnaQY7Mq+55EkEqOqnBS

Score

10^/10

vidar 9dfa7ee730fa2f1efb5ed51dbbec22f5 discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3d9cf227ef3c29b9ca22c66359fdd61d9b3d3f2bb197ec3df42d49ff22b989a4.exe

Resource

win10-20230220-en

vidar 9dfa7ee730fa2f1efb5ed51dbbec22f5 discovery spyware stealer

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

3.9

Botnet

9dfa7ee730fa2f1efb5ed51dbbec22f5

C2

https://steamcommunity.com/profiles/76561199263069598

https://t.me/cybehost

Attributes

profile_id_v2
9dfa7ee730fa2f1efb5ed51dbbec22f5
user_agent
Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.7 (like Gecko) (Debian)

Targets

- Target
  
  3d9cf227ef3c29b9ca22c66359fdd61d9b3d3f2bb197ec3df42d49ff22b989a4
- Size
  
  379KB
- MD5
  
  37b6aab56a0f770ce58a670322361a1c
- SHA1
  
  87606604cdaa89b93d4d1b5e3e12f5ec24f60016
- SHA256
  
  3d9cf227ef3c29b9ca22c66359fdd61d9b3d3f2bb197ec3df42d49ff22b989a4
- SHA512
  
  7b99a56e2160b3f910f75b5d21975587310ad61738613cefbce0d0b25c9d3af07ebeae9c6668907e00e2866259fcca079b4137e06c0d7cede5c5e5178d030a1e
- SSDEEP
  
  6144:Z75e2xvLAzYv1zvvnLFcQYhKzAMq4Y3eaXyf3h5tJwJlYEqRCXq9lBSw:x0zG5vnaQY7Mq+55EkEqOqnBS
Score

10^/10

vidar 9dfa7ee730fa2f1efb5ed51dbbec22f5 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar9dfa7ee730fa2f1efb5ed51dbbec22f5discoveryspywarestealer

© 2018-2025

Terms | Privacy