vidar

General

Target

c9cb32e5640fa80d0cf9fdf066c74731393a76394f06039ce894a243da56cb74.exe
Size

223KB
Sample

240326-dclmwacb96
MD5

763ffb80e9ec279e081ef0fbc7b64ece
SHA1

c348bf347c5d74c73f223efad48b7d95923c502f
SHA256

c9cb32e5640fa80d0cf9fdf066c74731393a76394f06039ce894a243da56cb74
SHA512

04603eb8b6934f2808065e7001b1151d04a91818f4d2068344e565df3e3050458b56360308dfdebaed1bf892a0d214eaa5dbedd0f85206da1c82d152c14e530d
SSDEEP

3072:nhyua89gGI3OVBfMjjIoLXpKh0YzIv+/oDsxV2y1C/qqPXq9XVqpti7rN7nhZ9or:thyjxL4h0bg0mVD1tqout2RjhwsU0

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

8.4

Botnet

4cf8d799a3641f9821e54be56c960e28

C2

https://steamcommunity.com/profiles/76561199654112719

https://t.me/r2d0s

Attributes

profile_id_v2
4cf8d799a3641f9821e54be56c960e28
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0

Targets

- Target
  
  c9cb32e5640fa80d0cf9fdf066c74731393a76394f06039ce894a243da56cb74.exe
- Size
  
  223KB
- MD5
  
  763ffb80e9ec279e081ef0fbc7b64ece
- SHA1
  
  c348bf347c5d74c73f223efad48b7d95923c502f
- SHA256
  
  c9cb32e5640fa80d0cf9fdf066c74731393a76394f06039ce894a243da56cb74
- SHA512
  
  04603eb8b6934f2808065e7001b1151d04a91818f4d2068344e565df3e3050458b56360308dfdebaed1bf892a0d214eaa5dbedd0f85206da1c82d152c14e530d
- SSDEEP
  
  3072:nhyua89gGI3OVBfMjjIoLXpKh0YzIv+/oDsxV2y1C/qqPXq9XVqpti7rN7nhZ9or:thyjxL4h0bg0mVD1tqout2RjhwsU0
Score

10^/10

vidar 4cf8d799a3641f9821e54be56c960e28 stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Vidar Stealer

Detects Windows executables referencing non-Windows User-Agents

Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2