vidar | 6ba3d50f87b4c2c81a8ab9247f2fafa6f4ec31d1f3acffbdb40a83ab351df9be | Triage

Sharing

General

Target

90c4d8c8f396f66d9b556ab05344a8cd.exe
Size

93KB
Sample

230616-nc5e4aed3z
MD5

90c4d8c8f396f66d9b556ab05344a8cd
SHA1

4869f0a7a3a68f4638556e9df0eef34ea0fdc9d7
SHA256

6ba3d50f87b4c2c81a8ab9247f2fafa6f4ec31d1f3acffbdb40a83ab351df9be
SHA512

4d5a61a89f6e003b92f093385bd56f5d798ac73c1cc524b261a3ff704d251ef1cb450177404651b072feab954c94f617a88bdb55620920ac620c2c115d6b960f
SSDEEP

1536:Irae78zjORCDGwfdCSog01313OQs5gcURDoq4OZZZLlCIibQwfclq8wJ:AahKyd2n31+Z5IRD68wbQbl4J

Score

10^/10

vidar 89433a6dbe159bb95b623839dcca3e27 persistence spyware stealer

Malware Config

Extracted

Family

vidar

Version

4.3

Botnet

89433a6dbe159bb95b623839dcca3e27

C2

https://steamcommunity.com/profiles/76561199514261168

https://t.me/kamaprimo

Attributes

profile_id_v2
89433a6dbe159bb95b623839dcca3e27
user_agent
Mozilla/5.0 (Linux; U; Tizen 2.0; en-us) AppleWebKit/537.1 (KHTML, like Gecko) Mobile TizenBrowser/2.0

Targets

- Target
  
  90c4d8c8f396f66d9b556ab05344a8cd.exe
- Size
  
  93KB
- MD5
  
  90c4d8c8f396f66d9b556ab05344a8cd
- SHA1
  
  4869f0a7a3a68f4638556e9df0eef34ea0fdc9d7
- SHA256
  
  6ba3d50f87b4c2c81a8ab9247f2fafa6f4ec31d1f3acffbdb40a83ab351df9be
- SHA512
  
  4d5a61a89f6e003b92f093385bd56f5d798ac73c1cc524b261a3ff704d251ef1cb450177404651b072feab954c94f617a88bdb55620920ac620c2c115d6b960f
- SSDEEP
  
  1536:Irae78zjORCDGwfdCSog01313OQs5gcURDoq4OZZZLlCIibQwfclq8wJ:AahKyd2n31+Z5IRD68wbQbl4J
Score

10^/10

vidar 89433a6dbe159bb95b623839dcca3e27 persistence spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Executes dropped EXE
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar89433a6dbe159bb95b623839dcca3e27persistencespywarestealer

behavioral2

vidar89433a6dbe159bb95b623839dcca3e27persistencespywarestealer