vidar | f85e44c1e53754b70b29bdc5325e37b1fa5a6ed415f43bfd192c96c28f3a08e4 | Triage

Sharing

General

Target

f85e44c1e53754b70b29bdc5325e37b1fa5a6ed415f43bfd192c96c28f3a08e4
Size

394KB
Sample

231008-2cv4bage5z
MD5

ec771d7afcae49ec3c624e27b76f59e3
SHA1

bcc6808be06b56df4cc84213aa30805271b6169c
SHA256

f85e44c1e53754b70b29bdc5325e37b1fa5a6ed415f43bfd192c96c28f3a08e4
SHA512

b2dd1749007aebb2917f2a784104c69ed3a22372a2bdba96b9a9ef6c643abc6c209988ea0b0f420d61583330257c694d7d24ef8844ac98af06673fa63f3eaa56
SSDEEP

6144:jO4W8vwqd+l4OXCrGM67StuYzRgunFNS/j+V4Ky:CB4wqcyrj67guYfvSrt

Score

10^/10

vidar e22d2e68f8601f5538d68ac735f8c50d discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

5.9

Botnet

e22d2e68f8601f5538d68ac735f8c50d

C2

https://steamcommunity.com/profiles/76561199557479327

https://t.me/grizmons

Attributes

profile_id_v2
e22d2e68f8601f5538d68ac735f8c50d
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 OPR/104.0.0.0

Targets

- Target
  
  f85e44c1e53754b70b29bdc5325e37b1fa5a6ed415f43bfd192c96c28f3a08e4
- Size
  
  394KB
- MD5
  
  ec771d7afcae49ec3c624e27b76f59e3
- SHA1
  
  bcc6808be06b56df4cc84213aa30805271b6169c
- SHA256
  
  f85e44c1e53754b70b29bdc5325e37b1fa5a6ed415f43bfd192c96c28f3a08e4
- SHA512
  
  b2dd1749007aebb2917f2a784104c69ed3a22372a2bdba96b9a9ef6c643abc6c209988ea0b0f420d61583330257c694d7d24ef8844ac98af06673fa63f3eaa56
- SSDEEP
  
  6144:jO4W8vwqd+l4OXCrGM67StuYzRgunFNS/j+V4Ky:CB4wqcyrj67guYfvSrt
Score

10^/10

vidar e22d2e68f8601f5538d68ac735f8c50d discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidare22d2e68f8601f5538d68ac735f8c50ddiscoveryspywarestealer

behavioral2

vidare22d2e68f8601f5538d68ac735f8c50ddiscoveryspywarestealer