vidar | 34318cdef0cad69ba0ba6f68b42fdd5c581abdbc4feceeab73bc13c56840e7fa | Triage

Sharing

General

Target

34318cdef0cad69ba0ba6f68b42fdd5c581abdbc4feceeab73bc13c56840e7fa.exe
Size

11.3MB
Sample

231202-lexf6abd62
MD5

98a0bf4af1e1e9a69bddee4421e1772d
SHA1

38c9160650423557c000b624dc5764c7e593b6e2
SHA256

34318cdef0cad69ba0ba6f68b42fdd5c581abdbc4feceeab73bc13c56840e7fa
SHA512

57e5311bc68b22f59029129ed8a11b6e604e908eba60bc4548604011eee2465ffee5748157d78377c796bb6a2e019cd9018f84f4fc610a45255ee4729f1797dc
SSDEEP

196608:Z0OHLe9/L+y5ugST2ZHZIXt/D7awIyOmAJuA4PZPc2iVXLy0LY7tvRo:K39/Cy5ugPnIFb37AJ+Nc2ikQGo

Score

10^/10

vidar ff0f5173b378c3dde7c3c6e3ae14c3a6 discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

6.5

Botnet

ff0f5173b378c3dde7c3c6e3ae14c3a6

C2

https://t.me/starcofeeth

https://steamcommunity.com/profiles/76561199571056594

Attributes

profile_id_v2
ff0f5173b378c3dde7c3c6e3ae14c3a6
user_agent
Mozilla/5.0 (X11; CrOS x86_64 15329.59.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36

Targets

- Target
  
  34318cdef0cad69ba0ba6f68b42fdd5c581abdbc4feceeab73bc13c56840e7fa.exe
- Size
  
  11.3MB
- MD5
  
  98a0bf4af1e1e9a69bddee4421e1772d
- SHA1
  
  38c9160650423557c000b624dc5764c7e593b6e2
- SHA256
  
  34318cdef0cad69ba0ba6f68b42fdd5c581abdbc4feceeab73bc13c56840e7fa
- SHA512
  
  57e5311bc68b22f59029129ed8a11b6e604e908eba60bc4548604011eee2465ffee5748157d78377c796bb6a2e019cd9018f84f4fc610a45255ee4729f1797dc
- SSDEEP
  
  196608:Z0OHLe9/L+y5ugST2ZHZIXt/D7awIyOmAJuA4PZPc2iVXLy0LY7tvRo:K39/Cy5ugPnIFb37AJ+Nc2ikQGo
Score

10^/10

vidar ff0f5173b378c3dde7c3c6e3ae14c3a6 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

vidarff0f5173b378c3dde7c3c6e3ae14c3a6discoveryspywarestealer

behavioral2

vidarff0f5173b378c3dde7c3c6e3ae14c3a6stealer