vidar

Sharing

Copy URL

Twitter E-mail

General

Target

!Files-PAsw0rds__1144.zip
Size

15.4MB
Sample

240221-wsr4psdd65
MD5

b7e3d19b18cf58de96759b170babb864
SHA1

33bd20d79863149946ed54c6e6aac75fc9651d01
SHA256

96bced42def7b8d8a6e836ea2d7d0aaae76ee5558c165a88cee70af8639be642
SHA512

f7e7279047c652efe9f7d3bc801afcbab00235d2674af3ffdc5e356aeeded175b8faa65c6a335156acc704e1bbd98b018226c74ddf25ecfa4d0cdc247b61b7b9
SSDEEP

393216:1l5sfpry/NaeRWcp2rZSRTzxm6+eguRM0WH6zSLU5:1zsRrycWWI2YR3TgmM0WH6zSI5

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

7.8

Botnet

b86ed69267e5641d44dafebd064d1e80

https://65.109.242.97

https://t.me/karl3on

https://steamcommunity.com/profiles/76561199637071579

Attributes

profile_id_v2
b86ed69267e5641d44dafebd064d1e80
user_agent
Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9

Targets

- Target
  
  Full_Activate_Setup.exe
- Size
  
  7.3MB
- MD5
  
  49b6bce6cd0111433969c39a62635f91
- SHA1
  
  0e34b4e770cc7d018b955bc14dabb205321e872c
- SHA256
  
  29345d9c6ff0106c9032b15e2c88f17bc8972ed843d1b5c044cf17d00f1d45c5
- SHA512
  
  4737663a5a6b30779650dcaa461b7751bfb735d2c906d04d877604db5a270f68205e0ff1240f2509f2835d885708b849759b10d22deff3bf0f03579bd1402ff8
- SSDEEP
  
  49152:/Ph7SQtfhuOhfEPOBjP9P6SOgjha5VKnRt3RQ9Wpvgt4sbVpEmVT1oG3vTROBYxI:ntBbz3q9QluER
Score

10^/10

vidar b86ed69267e5641d44dafebd064d1e80 stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  infos/Managed/Assembly-CSharp.dll
- Size
  
  427KB
- MD5
  
  750b859e2a7e9f89401fe9814f3cbb47
- SHA1
  
  f2cdfc48b9aaff5890669e13aeacd5bf036f3e5a
- SHA256
  
  9604fa89b52eab4df7139138f401df3ebb4ed7ce5d9dfb22897c79365b0f8e82
- SHA512
  
  d58b3a4606c81f0354e03ef3ec3a17e8e879c2aee2a4761a63c2ade764af40938cd942da41173efa9a6ed4a790eca970852c9143de5c92506dc7935ddbcefbaf
- SSDEEP
  
  12288:GOyWvBBMibyQXkUrhgglWwK7+4xcurT8:HBR9hYn7+4xcuX8
Score

1^/10
behavioral3 behavioral4
- Target
  
  infos/Managed/Mono.Security.dll
- Size
  
  286KB
- MD5
  
  7567e3c9d6916561cd9fd7f856a0a261
- SHA1
  
  fd24d3858fbd8110f62aa3650e98d261d4f816ec
- SHA256
  
  9b1a1f21f3396f94635785abf580fcf1ba91c2fda142f239c7979e489bad73c5
- SHA512
  
  1cf1460d54fcde79d36044633c495d946012255c9dfc4f9199086177582af6a958b335fcee2d590cf48584baf46e0218ed020c3ccf2af32f7b4ca7df2ae223c3
- SSDEEP
  
  6144:0ytgJ7SzJWhaeQTVJRj02ooGzsbFNG5ms7h:YB5ceQ502oVzB
Score

1^/10
behavioral5 behavioral6
- Target
  
  infos/Managed/Rewired_Windows.dll
- Size
  
  906KB
- MD5
  
  1613afa8785935360e741abba8a9d443
- SHA1
  
  96a8fd0f981c4fdfad736cb34168bedadc0cfd27
- SHA256
  
  2d2b1d48e87c11ada34f3cf272f717bd5452395407a373fcc6d67332535cad39
- SHA512
  
  3c5ac312e5f683d837f0dc8a1eab91c24d168264f6b66e3eaf9db09c1db327d1cdae90fc15521c2114b446d55646a98f899661a15d8eb0c6b9c5754dec3fb84f
- SSDEEP
  
  12288:MNUOjSl7+JZd47pYFYuRoboSSABBsXy16C1aCjEDnBLx+u/oqusXZZiUB5Y52jN9:MyYOCXS6C1aCjELBlwVe1B5E2
Score

1^/10
behavioral7 behavioral8
- Target
  
  infos/Managed/System.Core.dll
- Size
  
  259KB
- MD5
  
  85f0d723132ba16e72eab723763ed66a
- SHA1
  
  bb4f375ad9e7eb591613d5ee7c80336a3b56a749
- SHA256
  
  6f2ef3b48109f4d9e0f932cbc1d6b01054c0d4276da3bb3ba57b1ef9f73afa9b
- SHA512
  
  bbbfed92598bfd5ff13e214087d4c5d346531771cde153ec038a6f92bab1d60af843e648ccdb7e9ce2a87defbd79f0cb1eeb5547e6aeb9aecbba37ece7a66cc2
- SSDEEP
  
  6144:dpmYcnyyZrWiXPQOct0gSNMLLSAAhY3iJKV3I:9cnyyZrWiXZct03MCThWiJ
Score

1^/10
behavioral10 behavioral9
- Target
  
  infos/Managed/System.Xml.dll
- Size
  
  1.2MB
- MD5
  
  e5a9f7bfd01a78251cec50f1687a33b8
- SHA1
  
  1027d6748ad406ea1994fdda42005d37e0f1d1db
- SHA256
  
  deab490cc610420c5df076a6800151436f9cf78710f80be270e39ef863907eca
- SHA512
  
  be8243ddabdbe6dbd02d085e402a4e2b164f1e84ba5e9ce11512dc1f47cec8894797fc29fe6149fccf7acf663a2c7428dbcdc16909c246122837c4088c19cd21
- SSDEEP
  
  12288:snDZg/nOqY0eFICO72v+FGm+gr5tsJ1S9BUmJ8t+S32b5jB/2HpdacxRwKmRB2:snDIOIeF22i+gMJuBUmJ8IPBox6r2
Score

1^/10
behavioral11 behavioral12
- Target
  
  infos/Managed/System.dll
- Size
  
  1.0MB
- MD5
  
  23726881ef51d4097769e2cbf29c826a
- SHA1
  
  a75c50eebd3da61d821b8e45fcd1d7919ec0ba0b
- SHA256
  
  b8517e9e87db7d45525e5ac82cb4f9dcd77aadb3a8c159d1b1ec0df3ff388dd6
- SHA512
  
  aa1a76bba1ff7047469a1b726e7d1d603c11e6e8a4bfe5469859564566994d781e5bb91357924249ba9ab8ff64a2ad058e78129296d1fe824d7b4cd9ba914786
- SSDEEP
  
  24576:gvKCuaUIERHhTCzPIH98RlreZgkNoJXfBKsClf6ott50VIZwrJG8MAFPGmSu:gyCPvBSZwrJG8MAFPGm
Score

1^/10
behavioral13 behavioral14
- Target
  
  infos/Managed/Unity.Postprocessing.Runtime.dll
- Size
  
  141KB
- MD5
  
  a75ea867f8f13ad7e081f64c2407c66b
- SHA1
  
  1a46a9ba7a024d91774a56190157683599443747
- SHA256
  
  8bb91dcd3aff282bd37804adcaab5a6a0337695570909eb83d88e5900007be87
- SHA512
  
  43a4de663a1f54826348ba24a6dd1beec996a59d194ee10d17c8fb0ff55430fa727a05b1c5377603c13e45b738bbef76435dc1859b0a5709fa9bae979a24c236
- SSDEEP
  
  3072:mGxexnpaRblPXA5oOoSpM+k/slzP5kH/cJAr:m7wPYF/p0KqcJ
Score

1^/10
behavioral15 behavioral16
- Target
  
  infos/Managed/Unity.RenderPipelines.Core.Runtime.dll
- Size
  
  180KB
- MD5
  
  ada7730ee67447a643a760b5324283b6
- SHA1
  
  5f246cd1a5859d1c21da052e4a8cdba545ef0ab0
- SHA256
  
  b42119b70c05796d19617774336d8fd7cf988aa3d0fda6946edc68368bdd6a6f
- SHA512
  
  5d33a1ed872396b284c1253e8b9098a96f81e316c82170b3589fbd9b1c29f59dd107d6700d963df0056b390887bcbc4d0cc983209df81e7096be89e7680b4a18
- SSDEEP
  
  3072:/WsIlcGLwg9B8NiTR3QYCFGNEnbU06oM2GPtZvKxZfzXBLFJoS:XQwgIkN3RbXoM2GPtSzXBLFJo
Score

1^/10
behavioral17 behavioral18
- Target
  
  infos/Managed/Unity.RenderPipelines.Lightweight.Runtime.dll
- Size
  
  59KB
- MD5
  
  b4bf1c91fc65a1fd3723ffb34ebf8d10
- SHA1
  
  795c1092026f121e4738f946a601834656503c76
- SHA256
  
  f8ed3296a5b654fe27d27c0d613555acaafcb707cecc7d391f02c114cbf852c8
- SHA512
  
  e8cf1c805f58907ee27f128029dffd153ccaff6f532d0204741216e026b614558a4395d9543172872fbdb49c9052adf99ae9aad1aaf1a16bae5bfa5b5751fb41
- SSDEEP
  
  1536:E7GBI73Zw+OrbMe23xtet71WRhZBvwcfxz4oJE:Bc3Zwd/MjLZBxcCE
Score

1^/10
behavioral19 behavioral20
- Target
  
  infos/Managed/Unity.TextMeshPro.dll
- Size
  
  308KB
- MD5
  
  54b9fd4d5e1abcefbc692b4384761b82
- SHA1
  
  a8f2235ba53960ed071bc7ec91fd818d2957eef2
- SHA256
  
  08e99be19807deabf798bb8e97a9ceab23472e01e43aa8a505a8656bc21a4f4b
- SHA512
  
  3a40a42da77f35b0bc064518d21d28b3033676dcfb9fd369333722894f4d84668b3f6eaf7738d89ac0cb7f5354e817e0b9af0c55de3056e516ef18250879b216
- SSDEEP
  
  6144:Up+2Fn9DbBieSSd+39YPKlTfw9SIbPNJrZKCGeeZoF0:U82FnxBi/S832PKlTvIbPNFV
Score

1^/10
behavioral21 behavioral22
- Target
  
  infos/Managed/UnityEngine.AIModule.dll
- Size
  
  38KB
- MD5
  
  9e8d7a9b34a223e383e79ac89d6ba2be
- SHA1
  
  f43b425d6eb9a395f021bb3b463f062fa7aa4f21
- SHA256
  
  0fdc7eacd631c4ded5b75e92c9b98b56cd13f063f2ea2b7ce7dad4a437f63597
- SHA512
  
  d8c2947512c69495bf3e61bab2ca2ba65a300895ffcb3fbe5ba593861d92b8c14f600f73ff1fe4776961a96faa273c471159000a9228ce378b49b7f2453d9422
- SSDEEP
  
  768:OYouZ7+t8Dz26iicuE/roMMLmMkBdaZBxVIqu2WhsieochdV2:OWFm8Dz26iiR6/e5W4hhr2
Score

1^/10
behavioral23 behavioral24
- Target
  
  infos/Managed/UnityEngine.ARModule.dll
- Size
  
  21KB
- MD5
  
  2695ae3d4a27b71c9d8a19b97c47e79f
- SHA1
  
  d7bf4cbe69839efbfea32995ec1616fedc295db5
- SHA256
  
  3598c5eb22d7afe3c738df4d019f835e67bc6724351bd69fdf106ad55feec126
- SHA512
  
  60e0145de99462f79fb77f707d57e56a99f25b9da68a9162af901be7d19b8ad7b1de84d7c44a6a4f4d77e3b720fe56f3f1a0e10a284f02a812eb6d12bfa9ff4b
- SSDEEP
  
  384:5Ny1fGJeg0A9CNRiA2As2rZMo8fiujw/vVP7NuLk+J0lcK9cjQ:5xJL4p2AsMMoNujIJ7cLkwi59n
Score

1^/10
behavioral25 behavioral26
- Target
  
  infos/Managed/UnityEngine.AccessibilityModule.dll
- Size
  
  8KB
- MD5
  
  4999281ea43d709ab2681403566a53c2
- SHA1
  
  3a1b77ddfdcc09546b90a7ca805201a2e3ffbfcc
- SHA256
  
  7428c07ede130108151834313b87d55573b3cc8024afd86f3a0c7650be662275
- SHA512
  
  384eec39addffc37ffb750e8b3ce2ff5b4e7e0fbe3b10d148487a336d49187b7051606eb839be471a73db5c0954bc6bd6e29ee5b347216b26a0b25ddf7144c91
- SSDEEP
  
  96:GIDqgHuhhZeBwktZmkLt12K/Yz0eOcVxO+v0Sk03AHaLcjZCQm0SL:rqNZYFLbo0VDa3AycjGL
Score

1^/10
behavioral27 behavioral28
- Target
  
  infos/Managed/UnityEngine.AnimationModule.dll
- Size
  
  127KB
- MD5
  
  3c75b3d624d27e6495dd64516d6dc878
- SHA1
  
  07e39edd3ec3531e296f1e6771398da999b35eaa
- SHA256
  
  068233dddd8087276937162311fec8e44fb4f8cc351c6d716a5b8878915e44bd
- SHA512
  
  0f20bbb606d89ede57fbfe578044629fd71435f21dbeaa594731b202a3be3e2af86c6423686491fb64a2244119fd5035bba1f682955172d7852ca305f4b865e4
- SSDEEP
  
  3072:NGCb/SJfRG7zyvwiAk4LXvdedHI35GIynL432S9pEm2bb:M6/cvyk4LXvdedo3Q3nL432S9pEm
Score

1^/10
behavioral29 behavioral30
- Target
  
  infos/Managed/UnityEngine.AssetBundleModule.dll
- Size
  
  15KB
- MD5
  
  c06cc346c6b711a2722ea0a63dece486
- SHA1
  
  2035e7d0c24b72d4b20f3477ed7de644ff8d676b
- SHA256
  
  d5a3bde4e5e979646fb00f20f524270172b6e51365b9abed1a0172e8cc77f650
- SHA512
  
  d71126e0211ffde85edb0777b6434b208268c9b2204026c2a102bd88577337915165b6ef362859f79520ffc4376ddaeb01404a1100ea6f5468087778000cbf75
- SSDEEP
  
  192:x0MKavB+BggRRwxqx8F+cmCWXvFc864MV6fiJ+5WyBcIAe1ciEUzvXSgdttd47fT:pe8kcmCWXvT7MIjvrcj/
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Vidar Stealer

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32