vidar | 5774bde7146d959bade7f3976943fae0e43fa497eeabf318fb97f829854392cc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

LauncherS0FT.exe
Size

810.9MB
Sample

230709-x4b3asfe76
MD5

a7b4ac9550a8d63bc992147aca794821
SHA1

537e90a20244228c928bc0d1f01907fd7f246894
SHA256

5774bde7146d959bade7f3976943fae0e43fa497eeabf318fb97f829854392cc
SHA512

e745aa07091730032f626b4d5c69d80e3b6f3ec431009245c5480bd90e6d9adffc3b6170e2571392026c590dd11673739ca26d3ef4beec05e0b369f8ee88a741
SSDEEP

196608:UpReULRqbyXOBJwTXes1xJFme/aWDnBYSnfh8p1oLgDOmkT:UwE+CTX71HkeSO6Ip8pmLfmkT

Score

10^/10

vidar fc787ec968ec360fbe65a94cb1c1aabd discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

4.6

Botnet

fc787ec968ec360fbe65a94cb1c1aabd

C2

https://steamcommunity.com/profiles/76561199523054520

https://t.me/vookihhfd

https://t.me/booliiksws

https://t.me/game4serv

Attributes

profile_id_v2
fc787ec968ec360fbe65a94cb1c1aabd
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0

Targets

- Target
  
  LauncherS0FT.exe
- Size
  
  810.9MB
- MD5
  
  a7b4ac9550a8d63bc992147aca794821
- SHA1
  
  537e90a20244228c928bc0d1f01907fd7f246894
- SHA256
  
  5774bde7146d959bade7f3976943fae0e43fa497eeabf318fb97f829854392cc
- SHA512
  
  e745aa07091730032f626b4d5c69d80e3b6f3ec431009245c5480bd90e6d9adffc3b6170e2571392026c590dd11673739ca26d3ef4beec05e0b369f8ee88a741
- SSDEEP
  
  196608:UpReULRqbyXOBJwTXes1xJFme/aWDnBYSnfh8p1oLgDOmkT:UwE+CTX71HkeSO6Ip8pmLfmkT
Score

10^/10

vidar fc787ec968ec360fbe65a94cb1c1aabd discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarfc787ec968ec360fbe65a94cb1c1aabddiscoveryspywarestealer

behavioral2

vidarfc787ec968ec360fbe65a94cb1c1aabddiscoveryspywarestealer