vidar

General

Target

2cc0be582a350f1eafb6d3c6cc713393098a6936346a9070ba55abd346dfb090.zip
Size

292KB
Sample

240407-lfdenshg91
MD5

a02cc82344f0d84500a604068ad99c9a
SHA1

62e01cfcf2d0a502a55aa851cde5d56fecf7b87a
SHA256

ce7f14d87f328b1b382e6cbd73f4dd31a4e622dfbfec46fc3d37e1b387425bd3
SHA512

9a288b530ab5b00ad76a2c0d4c34807dbe396954493db4165ea873f437d68a6b64b99765c7d6f4ebfabfbe9eedb24517712f60e2e6a0cb7c6c04993f46751980
SSDEEP

6144:fld7uHLJ+cHpq3BIquvU4os9Q4wAdUhaeKwIkXvWriwSNXJkV:fldc4cHYIquM7s9zwAdXwIkQi/NZ8

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

56

Botnet

1148

C2

https://t.me/asifrazatg

https://steamcommunity.com/profiles/76561199439929669

http://116.202.6.206:80

Attributes

profile_id
1148

Targets

- Target
  
  2cc0be582a350f1eafb6d3c6cc713393098a6936346a9070ba55abd346dfb090.exe
- Size
  
  362KB
- MD5
  
  5367709f0a96713b5c9a518e13f306d6
- SHA1
  
  244bdcc9a3548101cacc9c4f8912fb8631764b40
- SHA256
  
  2cc0be582a350f1eafb6d3c6cc713393098a6936346a9070ba55abd346dfb090
- SHA512
  
  e8ef72e92e7524f8529e4b9f0232550c07ced72971bff2072d1f81989a1f6174fca03100b540f777d87fd0048048af31bfd203c51d30ec584d490cb3424f84f8
- SSDEEP
  
  6144:/Xd9qQwRToa3lQZCsPuugr+mJ35AfpJW+0sZZLBO+jJJM9KSlAo8hV:fdEVBoOlQnuuG+k3efD6sjLelAdb
Score

10^/10

vidar 1148 stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1

T1553

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2