vidar | 5279a9a1f2521b29d83b608c4d5c9e8cf539dbff4ff730b9811d613c59205a3c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5279a9a1f2521b29d83b608c4d5c9e8cf539dbff4ff730b9811d613c59205a3cexe_JC.exe
Size

353KB
Sample

230803-v2x6msgb9x
MD5

7134fb3a818a39ee282f1dfc523b0696
SHA1

300f59ece15262c4523966c12b87611352c45fec
SHA256

5279a9a1f2521b29d83b608c4d5c9e8cf539dbff4ff730b9811d613c59205a3c
SHA512

af19ba9faee3dee572d2217530491adb7400a2e69f0b87600acca323cb4b787199e490f155810c0e21cabb964c04975aa295abe61c09c50687457f1c70344051
SSDEEP

6144:bLu/AmzgwKqqvzcyMf0whInEZ8pfvT89Rhbg8F:bK/dVuq2TVw5c8F

Score

10^/10

vidar 6587e364354e0763c3dc725936a67c43 spyware stealer

Malware Config

Extracted

Family

vidar

Version

4.9

Botnet

6587e364354e0763c3dc725936a67c43

C2

https://t.me/dastantim

https://steamcommunity.com/profiles/76561199529242058

Attributes

profile_id_v2
6587e364354e0763c3dc725936a67c43
user_agent
Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Targets

- Target
  
  5279a9a1f2521b29d83b608c4d5c9e8cf539dbff4ff730b9811d613c59205a3cexe_JC.exe
- Size
  
  353KB
- MD5
  
  7134fb3a818a39ee282f1dfc523b0696
- SHA1
  
  300f59ece15262c4523966c12b87611352c45fec
- SHA256
  
  5279a9a1f2521b29d83b608c4d5c9e8cf539dbff4ff730b9811d613c59205a3c
- SHA512
  
  af19ba9faee3dee572d2217530491adb7400a2e69f0b87600acca323cb4b787199e490f155810c0e21cabb964c04975aa295abe61c09c50687457f1c70344051
- SSDEEP
  
  6144:bLu/AmzgwKqqvzcyMf0whInEZ8pfvT89Rhbg8F:bK/dVuq2TVw5c8F
Score

10^/10

vidar 6587e364354e0763c3dc725936a67c43 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar6587e364354e0763c3dc725936a67c43spywarestealer

behavioral2

vidar6587e364354e0763c3dc725936a67c43spywarestealer