vidar | 8004406f66d618620c5225dc05181de1a06153f0e80c006526faa299fe6201ad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8004406f66d618620c5225dc05181de1a06153f0e80c006526faa299fe6201ad
Size

401KB
Sample

230526-12x4jahg21
MD5

d11cd785ef5405f9f05bdd4d4880ab01
SHA1

ca4f9695de67b71395a4d08535ab8ec98517bb23
SHA256

8004406f66d618620c5225dc05181de1a06153f0e80c006526faa299fe6201ad
SHA512

fb26a831db798147875843b0351577a5f538a70ee8552ffa03e849e5f83d0e172d0412c3ceb3be9c48a049eabddd7a0cc0ed5a0d40c9fa674541ffec912d98a6
SSDEEP

6144:Z1TLDy7nbkvuzWatmQHrCPtza0sU/ONy/gEfmOqO:ZpW7YvuzWPmYl/ON5EfmOX

Score

10^/10

vidar 1a17cbbfddb273b0a3e99fb9be4c848a discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

4

Botnet

1a17cbbfddb273b0a3e99fb9be4c848a

C2

https://steamcommunity.com/profiles/76561199508624021

https://t.me/looking_glassbot

Attributes

profile_id_v2
1a17cbbfddb273b0a3e99fb9be4c848a
user_agent
Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36

Targets

- Target
  
  8004406f66d618620c5225dc05181de1a06153f0e80c006526faa299fe6201ad
- Size
  
  401KB
- MD5
  
  d11cd785ef5405f9f05bdd4d4880ab01
- SHA1
  
  ca4f9695de67b71395a4d08535ab8ec98517bb23
- SHA256
  
  8004406f66d618620c5225dc05181de1a06153f0e80c006526faa299fe6201ad
- SHA512
  
  fb26a831db798147875843b0351577a5f538a70ee8552ffa03e849e5f83d0e172d0412c3ceb3be9c48a049eabddd7a0cc0ed5a0d40c9fa674541ffec912d98a6
- SSDEEP
  
  6144:Z1TLDy7nbkvuzWatmQHrCPtza0sU/ONy/gEfmOqO:ZpW7YvuzWPmYl/ON5EfmOX
Score

10^/10

vidar 1a17cbbfddb273b0a3e99fb9be4c848a discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar1a17cbbfddb273b0a3e99fb9be4c848adiscoveryspywarestealer