vidar | 3cd9e155fca2eca60ed8a316efcebd2a45317ab4b957d0e8eef7470a104e845b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1aaa52189ea936706d63c56f0357f7bb_JC.exe
Size

349KB
Sample

230903-lfe89sgh31
MD5

1aaa52189ea936706d63c56f0357f7bb
SHA1

b96945fe789ec4e5039eec2f6f2ed20206843b7b
SHA256

3cd9e155fca2eca60ed8a316efcebd2a45317ab4b957d0e8eef7470a104e845b
SHA512

286d78256e12182f7a485032be9a260888a000ffb06cde18511150d993890ec6aceb2fccdd98fe8eaea9a64dd7dafd4f9d8a96265243448c0dc0cbd031fd9fd4
SSDEEP

3072:q7FdzYZmtp5fNIwqus6kd4RDUAStYwUhTWCdcfNYgOx3Bpllhqb7E/XIOnjireyf:qrz7ZfNu6kdQoYwUtQNYJxrbqs/XQey

Score

10^/10

vidar b2ced91faf30889899f34458f95b8e93 discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

5.4

Botnet

b2ced91faf30889899f34458f95b8e93

C2

https://t.me/vogogor

https://steamcommunity.com/profiles/76561199545993403

Attributes

profile_id_v2
b2ced91faf30889899f34458f95b8e93
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.2.13 (KHTML, like Gecko) Version/16.5.2 Safari/605.2.13

Targets

- Target
  
  1aaa52189ea936706d63c56f0357f7bb_JC.exe
- Size
  
  349KB
- MD5
  
  1aaa52189ea936706d63c56f0357f7bb
- SHA1
  
  b96945fe789ec4e5039eec2f6f2ed20206843b7b
- SHA256
  
  3cd9e155fca2eca60ed8a316efcebd2a45317ab4b957d0e8eef7470a104e845b
- SHA512
  
  286d78256e12182f7a485032be9a260888a000ffb06cde18511150d993890ec6aceb2fccdd98fe8eaea9a64dd7dafd4f9d8a96265243448c0dc0cbd031fd9fd4
- SSDEEP
  
  3072:q7FdzYZmtp5fNIwqus6kd4RDUAStYwUhTWCdcfNYgOx3Bpllhqb7E/XIOnjireyf:qrz7ZfNu6kdQoYwUtQNYJxrbqs/XQey
Score

10^/10

vidar b2ced91faf30889899f34458f95b8e93 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarb2ced91faf30889899f34458f95b8e93discoveryspywarestealer

behavioral2

vidarb2ced91faf30889899f34458f95b8e93discoveryspywarestealer