vidar | 203486e2fa7399940f9de7be86d8ced89142847248849fb2b61907b7636b3a6e | Triage

Sharing

General

Target

203486e2fa7399940f9de7be86d8ced89142847248849fb2b61907b7636b3a6e
Size

1.2MB
Sample

230822-lv7l3ada7y
MD5

4000d73591008a90cb68bf3b1978c1a6
SHA1

10cf75d5dce1072c3912485afbc21f487ccaee4d
SHA256

203486e2fa7399940f9de7be86d8ced89142847248849fb2b61907b7636b3a6e
SHA512

b11e08f94e4b62d8f1f379e4304bcd270c53002d4b8a1cf15b883005b01ee29a315bebd4d106648a8a017306fd7457d258f7f0587a6bfc2904ba15d691acc1ae
SSDEEP

24576:FbKCCCCCCCCCCCCCCCCCCCCCCCFn9S1feNeW:t6kNeW

Score

10^/10

vidar 1672 stealer

Malware Config

Extracted

Family

vidar

Version

54.5

Botnet

1672

C2

https://t.me/okxtraders

https://c.im/@easybytezz

Attributes

profile_id
1672

Targets

- Target
  
  203486e2fa7399940f9de7be86d8ced89142847248849fb2b61907b7636b3a6e
- Size
  
  1.2MB
- MD5
  
  4000d73591008a90cb68bf3b1978c1a6
- SHA1
  
  10cf75d5dce1072c3912485afbc21f487ccaee4d
- SHA256
  
  203486e2fa7399940f9de7be86d8ced89142847248849fb2b61907b7636b3a6e
- SHA512
  
  b11e08f94e4b62d8f1f379e4304bcd270c53002d4b8a1cf15b883005b01ee29a315bebd4d106648a8a017306fd7457d258f7f0587a6bfc2904ba15d691acc1ae
- SSDEEP
  
  24576:FbKCCCCCCCCCCCCCCCCCCCCCCCFn9S1feNeW:t6kNeW
Score

10^/10

vidar 1672 stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

vidar1672stealer

behavioral2

vidar1672stealer