vidar | 17fda4fb35aa42510fe2ae20d26a6d74ee65075ce95a084c32ca9548a58838a0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2353ef140fcfb38add13c74b388b710d.exe
Size

290KB
Sample

231006-jrjpqabh92
MD5

2353ef140fcfb38add13c74b388b710d
SHA1

4c7f18fc0fc379e232df0303dd80654d693e45b5
SHA256

17fda4fb35aa42510fe2ae20d26a6d74ee65075ce95a084c32ca9548a58838a0
SHA512

d0f18c59678592ac7c123bafdf963a4d5ae36adbecc37fd4e4fd4f786033ad01b366cbb174498f0709bb2006a865463f01c20522ddefda2b3e196a56b0a58c5c
SSDEEP

6144:w1S2o9ph6wYDkInQFXYFed9jjzehAMwr71V82IXRn:ws20ZUZFijzehAMz2S

Score

10^/10

vidar e22d2e68f8601f5538d68ac735f8c50d discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

5.9

Botnet

e22d2e68f8601f5538d68ac735f8c50d

C2

https://steamcommunity.com/profiles/76561199557479327

https://t.me/grizmons

Attributes

profile_id_v2
e22d2e68f8601f5538d68ac735f8c50d
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 OPR/104.0.0.0

Targets

- Target
  
  2353ef140fcfb38add13c74b388b710d.exe
- Size
  
  290KB
- MD5
  
  2353ef140fcfb38add13c74b388b710d
- SHA1
  
  4c7f18fc0fc379e232df0303dd80654d693e45b5
- SHA256
  
  17fda4fb35aa42510fe2ae20d26a6d74ee65075ce95a084c32ca9548a58838a0
- SHA512
  
  d0f18c59678592ac7c123bafdf963a4d5ae36adbecc37fd4e4fd4f786033ad01b366cbb174498f0709bb2006a865463f01c20522ddefda2b3e196a56b0a58c5c
- SSDEEP
  
  6144:w1S2o9ph6wYDkInQFXYFed9jjzehAMwr71V82IXRn:ws20ZUZFijzehAMz2S
Score

10^/10

vidar e22d2e68f8601f5538d68ac735f8c50d discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidare22d2e68f8601f5538d68ac735f8c50ddiscoveryspywarestealer

behavioral2

vidare22d2e68f8601f5538d68ac735f8c50ddiscoveryspywarestealer