vidar | 2a94999889996a959b2e1d73df57d1878c4bd8460d80de136ed1cc25da9b5093 | Triage

Sharing

General

Target

2a94999889996a959b2e1d73df57d1878c4bd8460d80de136ed1cc25da9b5093
Size

379KB
Sample

231103-tc7hcagd79
MD5

0c5f52d717fc3c957f233bf8bf5612be
SHA1

9c42861670bb573663a5ed14d6a13b6409156e6d
SHA256

2a94999889996a959b2e1d73df57d1878c4bd8460d80de136ed1cc25da9b5093
SHA512

c6c64f65d2dcecf3920045aa7515a1d11f24ccd32fd03b6de1d6447c586b5da0cd9ffe3e7abd7837758a01f012115040975e4146aa4190ccac57bd9e1faef2e8
SSDEEP

6144:4Bax8WyodkQkXxiEKhkdmxn9yuJ12R73sACjg9OiSYXHO:9OWyodAhtKhkde9y02R7zCjIhfX

Score

10^/10

vidar 517 stealer

Malware Config

Extracted

Family

vidar

Version

54.9

Botnet

517

C2

https://t.me/larsenup

https://ioc.exchange/@zebra54

http://5.161.120.43:80

Attributes

profile_id
517

Targets

- Target
  
  2a94999889996a959b2e1d73df57d1878c4bd8460d80de136ed1cc25da9b5093
- Size
  
  379KB
- MD5
  
  0c5f52d717fc3c957f233bf8bf5612be
- SHA1
  
  9c42861670bb573663a5ed14d6a13b6409156e6d
- SHA256
  
  2a94999889996a959b2e1d73df57d1878c4bd8460d80de136ed1cc25da9b5093
- SHA512
  
  c6c64f65d2dcecf3920045aa7515a1d11f24ccd32fd03b6de1d6447c586b5da0cd9ffe3e7abd7837758a01f012115040975e4146aa4190ccac57bd9e1faef2e8
- SSDEEP
  
  6144:4Bax8WyodkQkXxiEKhkdmxn9yuJ12R73sACjg9OiSYXHO:9OWyodAhtKhkde9y02R7zCjIhfX
Score

10^/10

vidar 517 stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

vidar517stealer