vidar | 533915e4d0ad9a2646008aa0806f1b5036494cace39a5a329af6e37b7bf72c8b | Triage

Sharing

General

Target

533915e4d0ad9a2646008aa0806f1b5036494cace39a5a329af6e37b7bf72c8b
Size

439KB
Sample

230530-elsyzsfd8v
MD5

c428b3ca191dfaea5f4228595ee1ae32
SHA1

9f3b782916f2c54d3a0f465039e3455bd19380e9
SHA256

533915e4d0ad9a2646008aa0806f1b5036494cace39a5a329af6e37b7bf72c8b
SHA512

eed48c9c9d5206c0fa74535f927174a4016eb3106c2c2bfaedf7c84c7cc6525dc3c065597d3af73054deec6f732b0da7283a54583b9f1f410c4c08381e777852
SSDEEP

6144:gWs4PVHTGCRpCinbN8RoFYNjI2J9N3QkHrTqqHTsg:gUVqC1nZA5hI2nN3tHfLzs

Score

10^/10

vidar a247b760bbf343752090be1436805458 discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

4.1

Botnet

a247b760bbf343752090be1436805458

C2

https://t.me/task4manager

http://23.88.46.113:80

https://steamcommunity.com/profiles/76561199510444991

Attributes

profile_id_v2
a247b760bbf343752090be1436805458
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Edg/112.0.1722.34

Targets

- Target
  
  533915e4d0ad9a2646008aa0806f1b5036494cace39a5a329af6e37b7bf72c8b
- Size
  
  439KB
- MD5
  
  c428b3ca191dfaea5f4228595ee1ae32
- SHA1
  
  9f3b782916f2c54d3a0f465039e3455bd19380e9
- SHA256
  
  533915e4d0ad9a2646008aa0806f1b5036494cace39a5a329af6e37b7bf72c8b
- SHA512
  
  eed48c9c9d5206c0fa74535f927174a4016eb3106c2c2bfaedf7c84c7cc6525dc3c065597d3af73054deec6f732b0da7283a54583b9f1f410c4c08381e777852
- SSDEEP
  
  6144:gWs4PVHTGCRpCinbN8RoFYNjI2J9N3QkHrTqqHTsg:gUVqC1nZA5hI2nN3tHfLzs
Score

10^/10

vidar a247b760bbf343752090be1436805458 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidara247b760bbf343752090be1436805458discoveryspywarestealer

behavioral2

vidara247b760bbf343752090be1436805458discoveryspywarestealer