vidar | c484af9d90f4ee9db8f065be845eb6f47d7281e769e6e35a083790a6d66e4391 | Triage

Resubmissions

02-09-2023 20:13

230902-yzsd6afd3t 10

Sharing

General

Target

Presentation info.rar.7z
Size

75.5MB
Sample

230902-yzsd6afd3t
MD5

92f616c834bbd8a01cfcde443260eaa2
SHA1

2de4be167d1813f3be88a2e4333e0b5b1912a260
SHA256

c484af9d90f4ee9db8f065be845eb6f47d7281e769e6e35a083790a6d66e4391
SHA512

e9ed356518099c1a72f6691382f6a26935ab0c2b5a70cbb8333fa8d00b4ec7c26f5cb227cf7d1434e36a25d0485e7119d8c179a7b568daf4f2263fd5d4b30f3f
SSDEEP

1572864:gVlhGbVTSkoi4GAZ4N4fK92AXOr0cw5Im8mfxhq6Ltf:8O+VLGAk72905HfW6

Score

10^/10

vidar 86277575c381e1fefb9bf290d771e6f1 spyware stealer

Malware Config

Extracted

Family

vidar

Version

5.4

Botnet

86277575c381e1fefb9bf290d771e6f1

C2

https://steamcommunity.com/profiles/76561199545993403

http://79.137.206.192:80

https://t.me/vogogor

Attributes

profile_id_v2
86277575c381e1fefb9bf290d771e6f1
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.2.13 (KHTML, like Gecko) Version/16.5.2 Safari/605.2.13

Targets

- Target
  
  Presentation info/Presentation info.exe
- Size
  
  93.2MB
- MD5
  
  e06a97f4714b6d0e62c51b3395a64a6e
- SHA1
  
  870e5cc5a18acb41c1377c6a47b4cef76723a2e1
- SHA256
  
  5e374fbc3960dd68c2cef4209851103f5623957e9815a0be720befd7899d3cc0
- SHA512
  
  b0483408723e5bd786d8170c2b46c25d1f37f2bca9f0f6855c8b94a2acea914dd45a3e479299bd9aeb920d6966667b729e7cbe4a03126945d90e4f33c7169df7
- SSDEEP
  
  1572864:UjA+Zh4QkjGuWsqebzyuGqNMnKuEqHhaPd5nC8DDkeZZZZZsOKa1pVeOKCr7ZPo:UjA+P43jRWshbzyuNMnlEqIPrzDkeZZs
Score

10^/10

vidar 86277575c381e1fefb9bf290d771e6f1 spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Executes dropped EXE
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vidar86277575c381e1fefb9bf290d771e6f1spywarestealer