vidar

General

Target

1d50b6e42d9edb6d7ee41781f32972349ecc4ec2eaaef4692e994c858fb8551d
Size

4.1MB
Sample

240926-2gm89stgrb
MD5

4f3ddd6692d604ecf2bd37d93d0f2387
SHA1

78a00b190d88eaf514b5bf2af754681795de9e44
SHA256

1d50b6e42d9edb6d7ee41781f32972349ecc4ec2eaaef4692e994c858fb8551d
SHA512

2e1720baf9ad49781d224ac23ebe25aae6073465e7e962bde9759941373ec0109176be8d7a1693b0196b6ac1912d84b96422b2758e2e3143dec76de1154f4153
SSDEEP

98304:9BkNhx7tr/K0pB+km2inP8I0zJDd0TfuBUR8/Rg:9BkNVbiP8fDd0yBUy/q

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

11

Botnet

8804a4f27e22750a8baa49e881ddca35

C2

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  1d50b6e42d9edb6d7ee41781f32972349ecc4ec2eaaef4692e994c858fb8551d
- Size
  
  4.1MB
- MD5
  
  4f3ddd6692d604ecf2bd37d93d0f2387
- SHA1
  
  78a00b190d88eaf514b5bf2af754681795de9e44
- SHA256
  
  1d50b6e42d9edb6d7ee41781f32972349ecc4ec2eaaef4692e994c858fb8551d
- SHA512
  
  2e1720baf9ad49781d224ac23ebe25aae6073465e7e962bde9759941373ec0109176be8d7a1693b0196b6ac1912d84b96422b2758e2e3143dec76de1154f4153
- SSDEEP
  
  98304:9BkNhx7tr/K0pB+km2inP8I0zJDd0TfuBUR8/Rg:9BkNVbiP8fDd0yBUy/q
Score

10^/10

vidar 8804a4f27e22750a8baa49e881ddca35 credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2