vidar

General

Target

Loader.rar
Size

1.9MB
Sample

230529-sdaz4acc98
MD5

62a2e8de31c7835c4273eb2c60fe4924
SHA1

22e2f5a99974f9e5b1566245f5f712d2bcef396e
SHA256

52f72f2ef4dd5e569025da115c891438565efa9aaa400f31e3a61313a9ce4243
SHA512

52b84f8c0fdf9d31bb0b371333ff8b4a67faf76e8e42a57c512b6a8951260ab076374ffea7922b92fac0d2bd4bae95ffd1151a0ee1e7310c95ddf086ed31416c
SSDEEP

49152:7D/0DZee/Yor/5YJ2g4NzW1KPD+S0foazh/LfGGVrkNwJJy:7D0H/YoL5YJ2g4NzWMSSaxGGVgNwJJy

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

4

Botnet

24108ab9b5f23bbf924b5eff629e21b6

C2

https://steamcommunity.com/profiles/76561199508624021

https://t.me/looking_glassbot

Attributes

profile_id_v2
24108ab9b5f23bbf924b5eff629e21b6
user_agent
Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36

Targets

- Target
  
  Loader.rar
- Size
  
  1.9MB
- MD5
  
  62a2e8de31c7835c4273eb2c60fe4924
- SHA1
  
  22e2f5a99974f9e5b1566245f5f712d2bcef396e
- SHA256
  
  52f72f2ef4dd5e569025da115c891438565efa9aaa400f31e3a61313a9ce4243
- SHA512
  
  52b84f8c0fdf9d31bb0b371333ff8b4a67faf76e8e42a57c512b6a8951260ab076374ffea7922b92fac0d2bd4bae95ffd1151a0ee1e7310c95ddf086ed31416c
- SSDEEP
  
  49152:7D/0DZee/Yor/5YJ2g4NzW1KPD+S0foazh/LfGGVrkNwJJy:7D0H/YoL5YJ2g4NzWMSSaxGGVgNwJJy
Score

10^/10

vidar 24108ab9b5f23bbf924b5eff629e21b6 spyware stealer upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Accesses 2FA software files, possible credential harvesting

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2