vidar | 4c8d4fe52ba7d6cdf066e53e98f2ad3cbc3e6689f980894412a4653efb18401e | Triage

Sharing

General

Target

NEAS.4c8d4fe52ba7d6cdf066e53e98f2ad3cbc3e6689f980894412a4653efb18401e_JC.exe
Size

396KB
Sample

231008-r5c34adc2v
MD5

ce6d0ce65da74439bd838521cc78c3fe
SHA1

cc74d89a66d0ea8b2d4ea46d16025f379d3c5133
SHA256

4c8d4fe52ba7d6cdf066e53e98f2ad3cbc3e6689f980894412a4653efb18401e
SHA512

77b7f9bf2bdfbafa50cac7fc5d2b6ec5f5930e98d47e1a8e6035bf83ee8a2bb8157180d6426bbc83b2fb7c495c29790f5d4729bcfccbea29f9e8fa2d01bd241b
SSDEEP

6144:+JeWvjxHueVqjkd9oqJ2/GB7RpMklUzxCLOMLUpx7w:+9LxHR+e5gUkklUzkOMLUs

Score

10^/10

vidar 4841d6b1839c4fa7c20ecc420b82b347 discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

5.9

Botnet

4841d6b1839c4fa7c20ecc420b82b347

C2

https://steamcommunity.com/profiles/76561199557479327

https://t.me/grizmons

Attributes

profile_id_v2
4841d6b1839c4fa7c20ecc420b82b347
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 OPR/104.0.0.0

Targets

- Target
  
  NEAS.4c8d4fe52ba7d6cdf066e53e98f2ad3cbc3e6689f980894412a4653efb18401e_JC.exe
- Size
  
  396KB
- MD5
  
  ce6d0ce65da74439bd838521cc78c3fe
- SHA1
  
  cc74d89a66d0ea8b2d4ea46d16025f379d3c5133
- SHA256
  
  4c8d4fe52ba7d6cdf066e53e98f2ad3cbc3e6689f980894412a4653efb18401e
- SHA512
  
  77b7f9bf2bdfbafa50cac7fc5d2b6ec5f5930e98d47e1a8e6035bf83ee8a2bb8157180d6426bbc83b2fb7c495c29790f5d4729bcfccbea29f9e8fa2d01bd241b
- SSDEEP
  
  6144:+JeWvjxHueVqjkd9oqJ2/GB7RpMklUzxCLOMLUpx7w:+9LxHR+e5gUkklUzkOMLUs
Score

10^/10

vidar 4841d6b1839c4fa7c20ecc420b82b347 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar4841d6b1839c4fa7c20ecc420b82b347discoveryspywarestealer

behavioral2

vidar4841d6b1839c4fa7c20ecc420b82b347discoveryspywarestealer