vidar | e9df1b2c28b0b540b85feddd147ecf62c65b206c9c3d412bba51ded80c300724 | Triage

Sharing

General

Target

15ffe14a177ee7b6327370e89b027cbb.bin
Size

1.3MB
Sample

230704-bddmjsae94
MD5

3f597b67228b44de1362abbd3d7576c0
SHA1

4c0a51573bd55b9ac6c5c25fd87c737ffce1c34c
SHA256

e9df1b2c28b0b540b85feddd147ecf62c65b206c9c3d412bba51ded80c300724
SHA512

a1257e3c781c79ed10bb8f23cf22a3b1b78d422186dd2d148936065b394e7a6cd47ccd959a5e0e5cc34dcd51b2b0891c2103f4855f166b077713eb3108048d47
SSDEEP

24576:Jh49WB4kZhJyq6v1R21tlolLDNmgSWrdlRR0TyGrw/qQSIHZjQUXnu:Jh49WJIQ8rg96qQlHBQUXnu

Score

10^/10

vidar 3cfc9fefd81f869739a6003b27a51d67 spyware stealer

Malware Config

Extracted

Family

vidar

Version

4.5

Botnet

3cfc9fefd81f869739a6003b27a51d67

C2

https://steamcommunity.com/profiles/76561199520592470

https://t.me/motafan

Attributes

profile_id_v2
3cfc9fefd81f869739a6003b27a51d67
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/111.0

Targets

- Target
  
  962a02875f258d0d8d85dea9b0679eeef8b7cc4b3aeee0851e2dc74b1a3ed712.exe
- Size
  
  3.5MB
- MD5
  
  15ffe14a177ee7b6327370e89b027cbb
- SHA1
  
  845e7a0377e76ba287aa9c186dc78da1c9becb4d
- SHA256
  
  962a02875f258d0d8d85dea9b0679eeef8b7cc4b3aeee0851e2dc74b1a3ed712
- SHA512
  
  4712e19b9f2de19d703b7f98a2ce7415679d6ddf70a0f2d3924a21785f7cc94e8af6861998c90234918b1fc8c5dc48fecb634b6c85e259d12c7d0850085355d7
- SSDEEP
  
  49152:3WW6cF5QK0CH90hRcRyydwnWmjHCkrmOydqfPbTRr:mBRK0m9fq/jHNJPR
Score

10^/10

vidar 3cfc9fefd81f869739a6003b27a51d67 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vidar3cfc9fefd81f869739a6003b27a51d67spywarestealer