vidar | b6abf8a3d5e865b0968637b92642fbaaf328dad7f7e750284c95c68600e293bf | Triage

Sharing

General

Target

Reservation information (date, name and etc) (1).rar
Size

75.3MB
Sample

231008-w27krafb3y
MD5

4cd4786a3b615b2c884865ce1db051c4
SHA1

0fb49e1aa32c0bf257425724886a7760c79f763e
SHA256

b6abf8a3d5e865b0968637b92642fbaaf328dad7f7e750284c95c68600e293bf
SHA512

6ef00733e79816a4bfa39dd397250ab9387be64845bc2bc5a3f2c43dc659e5271b56037510331f16f646c647e6bf4eefe4509047b6a9ecbfe85cfb1013729f4f
SSDEEP

1572864:y87OYjPb/eWnmtmDpqKdUbxAzOohf+g9WpoX5j4R5bsWtF4fgabM:y87OM/eeDpnSbx2Odg9CoXt4RD4fgaw

Score

10^/10

vidar 3ea14c104bd4d544fa30377b4df192a6 spyware stealer

Malware Config

Extracted

Family

vidar

Version

5.9

Botnet

3ea14c104bd4d544fa30377b4df192a6

C2

https://t.me/grizmons

https://steamcommunity.com/profiles/76561199557479327

http://94.228.162.50:80

Attributes

profile_id_v2
3ea14c104bd4d544fa30377b4df192a6
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 OPR/104.0.0.0

Targets

- Target
  
  Reservation information (date, name and etc)/Reservation information (date, name and etc).exe
- Size
  
  92.9MB
- MD5
  
  9809cc75b12ebaa98003f8288978f3b3
- SHA1
  
  94a5a71d6548ea8aab5b03f5bc8dcd2c559ed084
- SHA256
  
  dd5ed75d01cbe4f1957df72a058656e7b45cb1e2e74efa6eb796fe9a7012a173
- SHA512
  
  6421e8cf53d93dcd48529ba7ec34a8b7cdf24d34886bee3828f12385942619e89345b205d0201faffaad60a0dd34dd9cc243230f2c4b9f5ce75bc1cb684125cf
- SSDEEP
  
  1572864:Th4QkjGuWsqebzyuGqNMnKuEqHhaPd5nC8DDkeZZZZZsOKa1pVeOKCr7ZPE:l43jRWshbzyuNMnlEqIPrzDkeZZZZZsR
Score

10^/10

vidar 3ea14c104bd4d544fa30377b4df192a6 spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Executes dropped EXE
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vidar3ea14c104bd4d544fa30377b4df192a6spywarestealer