vidar | fd93fdc5ff4abb5a8479a36316875ddc5e77f45e4d86b7437888e5740bf266ac | Triage

Sharing

General

Target

fd93fdc5ff4abb5a8479a36316875ddc5e77f45e4d86b7437888e5740bf266ac
Size

374KB
Sample

230603-v715gshd86
MD5

7499c20554084c32e5881c30ac3031d0
SHA1

61e7c42a4a20fa8f12f44b7c771ebedc4be5fb17
SHA256

fd93fdc5ff4abb5a8479a36316875ddc5e77f45e4d86b7437888e5740bf266ac
SHA512

d91ecf20a60f124b862fdcbc7de142f4a6309fcf5959ada864c865c5ff9e53388cd12b0a9e1ea53ab333be39d39fc59c7c7b684a83a205d2a706b9d087fd4322
SSDEEP

6144:NY6Y/7plOmn9yd/s9h01JbPU5Kxx7tVZohR/HBZomU0fJMk:2X7pYHd/s9ujwKbRythZomU

Score

10^/10

vidar a247b760bbf343752090be1436805458 discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

4.1

Botnet

a247b760bbf343752090be1436805458

C2

https://t.me/task4manager

http://23.88.46.113:80

https://steamcommunity.com/profiles/76561199510444991

Attributes

profile_id_v2
a247b760bbf343752090be1436805458
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Edg/112.0.1722.34

Targets

- Target
  
  fd93fdc5ff4abb5a8479a36316875ddc5e77f45e4d86b7437888e5740bf266ac
- Size
  
  374KB
- MD5
  
  7499c20554084c32e5881c30ac3031d0
- SHA1
  
  61e7c42a4a20fa8f12f44b7c771ebedc4be5fb17
- SHA256
  
  fd93fdc5ff4abb5a8479a36316875ddc5e77f45e4d86b7437888e5740bf266ac
- SHA512
  
  d91ecf20a60f124b862fdcbc7de142f4a6309fcf5959ada864c865c5ff9e53388cd12b0a9e1ea53ab333be39d39fc59c7c7b684a83a205d2a706b9d087fd4322
- SSDEEP
  
  6144:NY6Y/7plOmn9yd/s9h01JbPU5Kxx7tVZohR/HBZomU0fJMk:2X7pYHd/s9ujwKbRythZomU
Score

10^/10

vidar a247b760bbf343752090be1436805458 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidara247b760bbf343752090be1436805458discoveryspywarestealer