vidar | 520281668c9a4f0c2ea5c389a2ad845d16a3ab9f26049842d92a7073ddcaefc9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

520281668c9a4f0c2ea5c389a2ad845d16a3ab9f26049842d92a7073ddcaefc9
Size

315KB
Sample

230918-rcyt4ahg3z
MD5

6d0833f9774c908998968451c35979da
SHA1

5aba9b3f8a8c32185979acaae7ae2e20e35ede5b
SHA256

520281668c9a4f0c2ea5c389a2ad845d16a3ab9f26049842d92a7073ddcaefc9
SHA512

b117e2722d3c25714c84c7fb8188663626a35e6f5e7b9c4c53b25814d706f2e1182abe55c38959cf92c2100ceb8a12e6bb10858746546a9df2cda15e1f43a23e
SSDEEP

6144:qsEILL6aq6hJyHrx/MU61a6pNId24toBgx4ZB2cLXciQmfjZmxT:qsrGP6hJyHrdynId2tgiB2+XtLZm1

Score

10^/10

vidar 4a1aa8ab07f29eec0b3af77dd5c0f4cb discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

5.7

Botnet

4a1aa8ab07f29eec0b3af77dd5c0f4cb

C2

https://steamcommunity.com/profiles/76561199553369541

https://t.me/dastanatg

Attributes

profile_id_v2
4a1aa8ab07f29eec0b3af77dd5c0f4cb
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.7 Safari/605.1.75

Targets

- Target
  
  520281668c9a4f0c2ea5c389a2ad845d16a3ab9f26049842d92a7073ddcaefc9
- Size
  
  315KB
- MD5
  
  6d0833f9774c908998968451c35979da
- SHA1
  
  5aba9b3f8a8c32185979acaae7ae2e20e35ede5b
- SHA256
  
  520281668c9a4f0c2ea5c389a2ad845d16a3ab9f26049842d92a7073ddcaefc9
- SHA512
  
  b117e2722d3c25714c84c7fb8188663626a35e6f5e7b9c4c53b25814d706f2e1182abe55c38959cf92c2100ceb8a12e6bb10858746546a9df2cda15e1f43a23e
- SSDEEP
  
  6144:qsEILL6aq6hJyHrx/MU61a6pNId24toBgx4ZB2cLXciQmfjZmxT:qsrGP6hJyHrdynId2tgiB2+XtLZm1
Score

10^/10

vidar 4a1aa8ab07f29eec0b3af77dd5c0f4cb discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar4a1aa8ab07f29eec0b3af77dd5c0f4cbdiscoveryspywarestealer