vidar | 8e9b2969c35264d35e62a3cd6fd03793474c202a385cb6f7ef41650b45058c5e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

5.1MB
Sample

230610-2v37msgg3x
MD5

313595a901a40b293a8be6cb221ba72c
SHA1

ab07b77edda91de0bd2f04eb7cbbb001b65ea0db
SHA256

8e9b2969c35264d35e62a3cd6fd03793474c202a385cb6f7ef41650b45058c5e
SHA512

ff6b723fc09d6e4031d23569c337f508a39caeca1a3b392d3a251d5180a898d4790c2a99f31088f4f00fd83eba4f2ba8ea5a50fce429c8938b8aedff47d39ce5
SSDEEP

98304:WDls8B/swwL5YCDNO/sa5mEFOt2SgBqR5+mx0+41mgFIym+a1DVU4Kkj2SzHZ:WD6OZ85YkN2sa5m12jcx0R7Ra1a4K0Z

Score

10^/10

vidar 98d0d34b4e35131252d3d615526218ea discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

4.2

Botnet

98d0d34b4e35131252d3d615526218ea

C2

https://steamcommunity.com/profiles/76561199511129510

https://t.me/rechnungsbetrag

Attributes

profile_id_v2
98d0d34b4e35131252d3d615526218ea
user_agent
Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.38 Safari/537.36 Brave/75

Targets

- Target
  
  file.exe
- Size
  
  5.1MB
- MD5
  
  313595a901a40b293a8be6cb221ba72c
- SHA1
  
  ab07b77edda91de0bd2f04eb7cbbb001b65ea0db
- SHA256
  
  8e9b2969c35264d35e62a3cd6fd03793474c202a385cb6f7ef41650b45058c5e
- SHA512
  
  ff6b723fc09d6e4031d23569c337f508a39caeca1a3b392d3a251d5180a898d4790c2a99f31088f4f00fd83eba4f2ba8ea5a50fce429c8938b8aedff47d39ce5
- SSDEEP
  
  98304:WDls8B/swwL5YCDNO/sa5mEFOt2SgBqR5+mx0+41mgFIym+a1DVU4Kkj2SzHZ:WD6OZ85YkN2sa5m12jcx0R7Ra1a4K0Z
Score

10^/10

vidar 98d0d34b4e35131252d3d615526218ea discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar98d0d34b4e35131252d3d615526218eadiscoveryspywarestealer

behavioral2

vidar98d0d34b4e35131252d3d615526218eadiscoveryspywarestealer