vidar | d474f231ea970d900642a9f2831f6b8c0250e02dfab27a8eac9b00923ceb9edc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d474f231ea970d900642a9f2831f6b8c0250e02dfab27a8eac9b00923ceb9edc
Size

370KB
Sample

231021-vmrejshc39
MD5

1c26dd56dfb06af9ecb93871fc5d49bf
SHA1

e083f619faad8f5ed2036804d66ec1851e1cda7f
SHA256

d474f231ea970d900642a9f2831f6b8c0250e02dfab27a8eac9b00923ceb9edc
SHA512

fa131475568293e0af522410b94897c22af63b2f8db663b213c2aeaea0e7b589781f02398adb34e35bbc813595be4984fe0a8dc0e617138b1a60ed2812058b1e
SSDEEP

6144:3inAMSQRepI3tKGL20H9QYL3d/03sxUBiIZzzphZWDnJHyh:SAxkepI9KS20H+o3d/pGZCjB

Score

10^/10

vidar af2b108237a470d5313ebab11ef5d055 discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

6.1

Botnet

af2b108237a470d5313ebab11ef5d055

C2

https://steamcommunity.com/profiles/76561199563297648

https://t.me/twowheelfun

Attributes

profile_id_v2
af2b108237a470d5313ebab11ef5d055
user_agent
Mozilla/5.0 (iPad; CPU OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/605.1.15

Targets

- Target
  
  d474f231ea970d900642a9f2831f6b8c0250e02dfab27a8eac9b00923ceb9edc
- Size
  
  370KB
- MD5
  
  1c26dd56dfb06af9ecb93871fc5d49bf
- SHA1
  
  e083f619faad8f5ed2036804d66ec1851e1cda7f
- SHA256
  
  d474f231ea970d900642a9f2831f6b8c0250e02dfab27a8eac9b00923ceb9edc
- SHA512
  
  fa131475568293e0af522410b94897c22af63b2f8db663b213c2aeaea0e7b589781f02398adb34e35bbc813595be4984fe0a8dc0e617138b1a60ed2812058b1e
- SSDEEP
  
  6144:3inAMSQRepI3tKGL20H9QYL3d/03sxUBiIZzzphZWDnJHyh:SAxkepI9KS20H+o3d/pGZCjB
Score

10^/10

vidar af2b108237a470d5313ebab11ef5d055 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidaraf2b108237a470d5313ebab11ef5d055discoveryspywarestealer