vidar | 0241d42cb4f359df2c67f35b03019c1fa59b72507d49f5cb83cd8b1dffbd8850 | Triage

Sharing

General

Target

336ecdd5f5c040f5d3fa238ae4b4813ebc48401500d2dfad0604fa9f.exe
Size

3.8MB
Sample

231010-2fdnfafg2t
MD5

03e6a233c9bf8b86d7d7fe3a046ef507
SHA1

63a993cfeba3beab665f8518e2a9d5945edadfe4
SHA256

0241d42cb4f359df2c67f35b03019c1fa59b72507d49f5cb83cd8b1dffbd8850
SHA512

7911d620ea29738c3dc2e353faf1253f4100e20b6d1cf326ccfdb2741d45778daa31387f94e86882aa367efa535610ac892c7e3e0cdf7645d5a5585d26059b63
SSDEEP

24576:8yPRZPjShIghUnYbXCdK+umvEragNhB5p/URnO6VAIMYs:80jS+gi4CdyTPXp/URdAzYs

Score

10^/10

vidar fad4e06e1cf15b4775e72bc1a12d0e25 spyware stealer

Malware Config

Extracted

Family

vidar

Version

6

Botnet

fad4e06e1cf15b4775e72bc1a12d0e25

C2

https://steamcommunity.com/profiles/76561199560322242

https://t.me/cahalgo

Attributes

profile_id_v2
fad4e06e1cf15b4775e72bc1a12d0e25
user_agent
Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 uacq

Targets

- Target
  
  336ecdd5f5c040f5d3fa238ae4b4813ebc48401500d2dfad0604fa9f.exe
- Size
  
  3.8MB
- MD5
  
  03e6a233c9bf8b86d7d7fe3a046ef507
- SHA1
  
  63a993cfeba3beab665f8518e2a9d5945edadfe4
- SHA256
  
  0241d42cb4f359df2c67f35b03019c1fa59b72507d49f5cb83cd8b1dffbd8850
- SHA512
  
  7911d620ea29738c3dc2e353faf1253f4100e20b6d1cf326ccfdb2741d45778daa31387f94e86882aa367efa535610ac892c7e3e0cdf7645d5a5585d26059b63
- SSDEEP
  
  24576:8yPRZPjShIghUnYbXCdK+umvEragNhB5p/URnO6VAIMYs:80jS+gi4CdyTPXp/URdAzYs
Score

10^/10

vidar fad4e06e1cf15b4775e72bc1a12d0e25 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarfad4e06e1cf15b4775e72bc1a12d0e25spywarestealer

behavioral2

vidarfad4e06e1cf15b4775e72bc1a12d0e25spywarestealer