vidar

General

Target

ef3b79e8771cd00c61c30593668be56ed74eade79910ae72a504dd571ba9b8ef
Size

2.6MB
Sample

240319-xhtefsbh73
MD5

d808bae5b85d49654587fa97cadc1e5b
SHA1

838e8ee580d085e54dcf5ddbcec79bda83cddd87
SHA256

ef3b79e8771cd00c61c30593668be56ed74eade79910ae72a504dd571ba9b8ef
SHA512

c77fc79a98fc06c1845fb761d5bc1da4783c7ee9d7ea837eaa42cda3eaf2c0f5a6f26919eaeeef3f993b59d14998a340b2add356c78a22d4921d34d5f5d06ecb
SSDEEP

49152:NIDEtii6PzF4SipOgNnEciBWm4tjMw2E5a2QLImDK0lOQfi/xggs:uDbU1ZIBWmEjlVkBMmm0lDnp

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

52.1

Botnet

1120

C2

https://t.me/verstappenf1r

https://climatejustice.social/@ronxik312

Attributes

profile_id
1120

Targets

- Target
  
  ef3b79e8771cd00c61c30593668be56ed74eade79910ae72a504dd571ba9b8ef
- Size
  
  2.6MB
- MD5
  
  d808bae5b85d49654587fa97cadc1e5b
- SHA1
  
  838e8ee580d085e54dcf5ddbcec79bda83cddd87
- SHA256
  
  ef3b79e8771cd00c61c30593668be56ed74eade79910ae72a504dd571ba9b8ef
- SHA512
  
  c77fc79a98fc06c1845fb761d5bc1da4783c7ee9d7ea837eaa42cda3eaf2c0f5a6f26919eaeeef3f993b59d14998a340b2add356c78a22d4921d34d5f5d06ecb
- SSDEEP
  
  49152:NIDEtii6PzF4SipOgNnEciBWm4tjMw2E5a2QLImDK0lOQfi/xggs:uDbU1ZIBWmEjlVkBMmm0lDnp
Score

10^/10

vidar 1120 evasion stealer trojan
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Vidar Stealer
  stealer
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

2

T1012

Virtualization/Sandbox Evasion

1

T1497

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Vidar Stealer

Checks BIOS information in registry

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2