vidar | 962a02875f258d0d8d85dea9b0679eeef8b7cc4b3aeee0851e2dc74b1a3ed712 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15ffe14a177ee7b6327370e89b027cbb.exe
Size

3.5MB
Sample

230702-y1j46seg8v
MD5

15ffe14a177ee7b6327370e89b027cbb
SHA1

845e7a0377e76ba287aa9c186dc78da1c9becb4d
SHA256

962a02875f258d0d8d85dea9b0679eeef8b7cc4b3aeee0851e2dc74b1a3ed712
SHA512

4712e19b9f2de19d703b7f98a2ce7415679d6ddf70a0f2d3924a21785f7cc94e8af6861998c90234918b1fc8c5dc48fecb634b6c85e259d12c7d0850085355d7
SSDEEP

49152:3WW6cF5QK0CH90hRcRyydwnWmjHCkrmOydqfPbTRr:mBRK0m9fq/jHNJPR

Score

10^/10

vidar 3cfc9fefd81f869739a6003b27a51d67 spyware stealer

Malware Config

Extracted

Family

vidar

Version

4.5

Botnet

3cfc9fefd81f869739a6003b27a51d67

C2

https://steamcommunity.com/profiles/76561199520592470

https://t.me/motafan

Attributes

profile_id_v2
3cfc9fefd81f869739a6003b27a51d67
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/111.0

Targets

- Target
  
  15ffe14a177ee7b6327370e89b027cbb.exe
- Size
  
  3.5MB
- MD5
  
  15ffe14a177ee7b6327370e89b027cbb
- SHA1
  
  845e7a0377e76ba287aa9c186dc78da1c9becb4d
- SHA256
  
  962a02875f258d0d8d85dea9b0679eeef8b7cc4b3aeee0851e2dc74b1a3ed712
- SHA512
  
  4712e19b9f2de19d703b7f98a2ce7415679d6ddf70a0f2d3924a21785f7cc94e8af6861998c90234918b1fc8c5dc48fecb634b6c85e259d12c7d0850085355d7
- SSDEEP
  
  49152:3WW6cF5QK0CH90hRcRyydwnWmjHCkrmOydqfPbTRr:mBRK0m9fq/jHNJPR
Score

10^/10

vidar 3cfc9fefd81f869739a6003b27a51d67 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vidar3cfc9fefd81f869739a6003b27a51d67spywarestealer