vidar | 50af042a96a7cd69b4d895c91f767c571aa6bd03c1dcaf21b517fbb75217ec47 | Triage

Sharing

General

Target

50af042a96a7cd69b4d895c91f767c571aa6bd03c1dcaf21b517fbb75217ec47
Size

502KB
Sample

230615-y8akpsah8y
MD5

fc32f42ee0146b5ac0d96e2f877e77bc
SHA1

a8f277c396daf10c4fb3b7072ea3a535aa114921
SHA256

50af042a96a7cd69b4d895c91f767c571aa6bd03c1dcaf21b517fbb75217ec47
SHA512

34c119c988b2c2067071fd35aee57483b0360a787783718406b733af69b45868b9aa8e8d05d47101e57c90a6e4ae8bf0960321ec1ace8ebd0ad3508e639d8b42
SSDEEP

12288:93A73SMiQqArFGV/zIv6jAocA0IYxjUFW7FUUcVExeW8Yf0Ah3RIArF1uNnxI2Oj:9F/74cWR7JFhd

Score

10^/10

vidar 89ee4bbf22c7d753e1a9ef8f2bd34ce7 discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

4.3

Botnet

89ee4bbf22c7d753e1a9ef8f2bd34ce7

C2

https://steamcommunity.com/profiles/76561199514261168

https://t.me/kamaprimo

Attributes

profile_id_v2
89ee4bbf22c7d753e1a9ef8f2bd34ce7
user_agent
Mozilla/5.0 (Linux; U; Tizen 2.0; en-us) AppleWebKit/537.1 (KHTML, like Gecko) Mobile TizenBrowser/2.0

Targets

- Target
  
  50af042a96a7cd69b4d895c91f767c571aa6bd03c1dcaf21b517fbb75217ec47
- Size
  
  502KB
- MD5
  
  fc32f42ee0146b5ac0d96e2f877e77bc
- SHA1
  
  a8f277c396daf10c4fb3b7072ea3a535aa114921
- SHA256
  
  50af042a96a7cd69b4d895c91f767c571aa6bd03c1dcaf21b517fbb75217ec47
- SHA512
  
  34c119c988b2c2067071fd35aee57483b0360a787783718406b733af69b45868b9aa8e8d05d47101e57c90a6e4ae8bf0960321ec1ace8ebd0ad3508e639d8b42
- SSDEEP
  
  12288:93A73SMiQqArFGV/zIv6jAocA0IYxjUFW7FUUcVExeW8Yf0Ah3RIArF1uNnxI2Oj:9F/74cWR7JFhd
Score

10^/10

vidar 89ee4bbf22c7d753e1a9ef8f2bd34ce7 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar89ee4bbf22c7d753e1a9ef8f2bd34ce7discoveryspywarestealer