vidar | 66337b6e8a6117d46ffbaed1ffce2345674e67106e27c97895f655a999511531 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

buildjj_JC.exe
Size

420KB
Sample

230901-t3wtjafh9y
MD5

3bb83d8faee0adb5b1e5281de2757d34
SHA1

fa91b2403a17d73ec576bec86aad40c48c460c61
SHA256

66337b6e8a6117d46ffbaed1ffce2345674e67106e27c97895f655a999511531
SHA512

f455669988c2cf57c85f6ceee453cda6e1b8c548a24c48a876871ff5e40fd501fc2dcb19642cefe1b8039c85d1da25c095dc55c4353f2a210a51dd5f553d615a
SSDEEP

12288:SeT3EEE1epldN4ICyJiGoN6HwKnbR7tmxGe9/jFFG60DG:SeT0EEMpldNuyJiYHwKbRm/j3I

Score

10^/10

vidar 8027148886cf270a67174e17ebea81f8 discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

5.3

Botnet

8027148886cf270a67174e17ebea81f8

C2

https://t.me/buukcay

https://steamcommunity.com/profiles/76561199544211655

Attributes

profile_id_v2
8027148886cf270a67174e17ebea81f8

Targets

- Target
  
  buildjj_JC.exe
- Size
  
  420KB
- MD5
  
  3bb83d8faee0adb5b1e5281de2757d34
- SHA1
  
  fa91b2403a17d73ec576bec86aad40c48c460c61
- SHA256
  
  66337b6e8a6117d46ffbaed1ffce2345674e67106e27c97895f655a999511531
- SHA512
  
  f455669988c2cf57c85f6ceee453cda6e1b8c548a24c48a876871ff5e40fd501fc2dcb19642cefe1b8039c85d1da25c095dc55c4353f2a210a51dd5f553d615a
- SSDEEP
  
  12288:SeT3EEE1epldN4ICyJiGoN6HwKnbR7tmxGe9/jFFG60DG:SeT0EEMpldNuyJiYHwKbRm/j3I
Score

10^/10

vidar 8027148886cf270a67174e17ebea81f8 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar8027148886cf270a67174e17ebea81f8discoveryspywarestealer

behavioral2

vidar8027148886cf270a67174e17ebea81f8discoveryspywarestealer