vidar | fa70210641dbdb01ebd60ff4b1e39efeeaa16d4570ef97f9f20824f5adb7d43c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

r3azexe.exe
Size

18.2MB
Sample

230705-p6546acd75
MD5

2bf6ddc2abe23a073214f97644b3b7dd
SHA1

1d8235fb23afe858e75f2a845fcdbf9a54475d92
SHA256

fa70210641dbdb01ebd60ff4b1e39efeeaa16d4570ef97f9f20824f5adb7d43c
SHA512

3b743e4b9fa20dec2db95a1d40ec844141895b870e0a9a19d7c8daa19fd41274309f25ce297cd95069265da25e0ea23b7f26e1086bb8cced1fdccf43afb6e335
SSDEEP

393216:MR/zZKuDHO7G9ysRXm31AB8I7j1ZxRNibP0aVesOPG:Y/zBuq9L8Anj19NWPZ

Score

10^/10

vidar e7ea1e37142cdab711cad668b60e14ab spyware stealer

Malware Config

Extracted

Family

vidar

Version

4.6

Botnet

e7ea1e37142cdab711cad668b60e14ab

C2

https://steamcommunity.com/profiles/76561199523054520

https://t.me/game4serv

Attributes

profile_id_v2
e7ea1e37142cdab711cad668b60e14ab
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0

Targets

- Target
  
  r3azexe.exe
- Size
  
  18.2MB
- MD5
  
  2bf6ddc2abe23a073214f97644b3b7dd
- SHA1
  
  1d8235fb23afe858e75f2a845fcdbf9a54475d92
- SHA256
  
  fa70210641dbdb01ebd60ff4b1e39efeeaa16d4570ef97f9f20824f5adb7d43c
- SHA512
  
  3b743e4b9fa20dec2db95a1d40ec844141895b870e0a9a19d7c8daa19fd41274309f25ce297cd95069265da25e0ea23b7f26e1086bb8cced1fdccf43afb6e335
- SSDEEP
  
  393216:MR/zZKuDHO7G9ysRXm31AB8I7j1ZxRNibP0aVesOPG:Y/zBuq9L8Anj19NWPZ
Score

10^/10

vidar e7ea1e37142cdab711cad668b60e14ab spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Executes dropped EXE
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vidare7ea1e37142cdab711cad668b60e14abspywarestealer