vidar | b11e85d0eed98a012f018c818f72a0bc0d0521ea132a45a58f5de92da924c225 | Triage

Sharing

General

Target

bank_statement.scr
Size

25MB
Sample

230602-15z3asfb3w
MD5

dedd66f7cdc48224fb7fcbc795f69bfd
SHA1

00ab7277c89b9f0608f00997b219881a92e36888
SHA256

b11e85d0eed98a012f018c818f72a0bc0d0521ea132a45a58f5de92da924c225
SHA512

4ea3119416c786ec9667eaa499b3af40d196f4ecf2ffaac5e5b78ccbaba34ab867e302a10fc7964dc95284fafcffdeca3361886dffdc2c2ba2bf2fb5e664b8c3
SSDEEP

393216:iEbUSKA4SNAwLpQfgVehx8oyLZ8Ae0sCK9UCUQkiWajOHkzhSbfA:7bUXA4Vv9eoyt8Ae07K2CUdiWajOHe

Score

10^/10

vidar 850dc0663d2676536f88b82b3382fcb4 spyware stealer

Malware Config

Extracted

Family

vidar

Version

4.1

Botnet

850dc0663d2676536f88b82b3382fcb4

C2

https://steamcommunity.com/profiles/76561199510444991

https://t.me/task4manager

Attributes

profile_id_v2
850dc0663d2676536f88b82b3382fcb4
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Edg/112.0.1722.34

Targets

- Target
  
  bank_statement.scr
- Size
  
  25MB
- MD5
  
  dedd66f7cdc48224fb7fcbc795f69bfd
- SHA1
  
  00ab7277c89b9f0608f00997b219881a92e36888
- SHA256
  
  b11e85d0eed98a012f018c818f72a0bc0d0521ea132a45a58f5de92da924c225
- SHA512
  
  4ea3119416c786ec9667eaa499b3af40d196f4ecf2ffaac5e5b78ccbaba34ab867e302a10fc7964dc95284fafcffdeca3361886dffdc2c2ba2bf2fb5e664b8c3
- SSDEEP
  
  393216:iEbUSKA4SNAwLpQfgVehx8oyLZ8Ae0sCK9UCUQkiWajOHkzhSbfA:7bUXA4Vv9eoyt8Ae07K2CUdiWajOHe
Score

10^/10

vidar 850dc0663d2676536f88b82b3382fcb4 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vidar850dc0663d2676536f88b82b3382fcb4spywarestealer

behavioral2

vidar850dc0663d2676536f88b82b3382fcb4spywarestealer